Cisco 851 change default SSH port - Cisco Community

3414

Views

0

Helpful

2

Replies

I have this Cisco 851, nothing fancy:

c851-xxxxxx(config-line)#do sh run | b line vty 0 4

line vty 0 4

exec-timeout 7 0

privilege level 15

login local

transport preferred ssh

transport input telnet ssh

I'm trying to change ssh port to something >1024 with rotary groups:

c851-xxxxx(config-line)#line vty 0 4

c851-xxxxx(config-line)#rotary 1

X121 address and queued type can not be configured on the same rotary group 1

c851-xxxxx(config-line)#rotary 2

X121 address and queued type can not be configured on the same rotary group 2

c851-xxxxx(config-line)#rotary 3

X121 address and queued type can not be configured on the same rotary group 3

Works on a 2811 with advipservices:

ip ssh port 4343 rotary 1

!

line vty 5

exec-timeout 5 0

rotary 1

transport input ssh

My 851 is running advsecurityk9.

Is there any way around this? Thanks.

2 Replies 2

Yeah, you should be able to do this. Basic idea is to convert the 871 console into an aux with "modem enable", then use the "ssh terminal-line access" feature to enable "reverse SSH" into the 2800 console.

The config would go something like this:

username fred pass 0 FLINTSTONE

crypto key generate rsa

ip ssh port 2000 rotary 1

ip ssh break-string

line con 0

modem enable

line aux 0

no exec

transport input ssh

rotary 1

login

then, to do the "reverse ssh" out the aux 0:

$ ssh -l fred -p 2000 ip.addr.of.871

Should work on paper but as soon as i reach

c851-bacau(config-line)#line aux 0

c851-bacau(config-line)#rotary 1

X121 address and queued type can not be configured on the same rotary group 1

I get the dreaded X121 error.

Maybe the advsecurity IOS is a no go for this.

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community