Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1876
Views
0
Helpful
3
Replies

How to switch from telnet from ssh

h.escobar
Level 1
Level 1

‎08-31-2020 11:56 AM

I'm trying to switch over from telnet to ssh but the switch is at a remote location. I created a local user account, generated the rsa keys for ssh, and enable ssh version 2.  How do I change the current config to allow for ssh without locking my self out. 

Below is the current config. 

line con 0
password 7 jhdhdjhdkjdjdjdjd
login
line vty 0 4
password 7 jhdhdjhdkjdjdjdjd
login
line vty 5 15
login

Labels:
0 Helpful
3 Replies 3

paul driver
VIP
VIP

‎08-31-2020 12:42 PM - edited ‎08-31-2020 12:49 PM

Hello

Remotely log into the switch and save the running configuration then set a scheduled reload of the switch incase you've lock yourself out then change the vty lines to allow local username access and both telnet and ssh.

Then open an additional ssh session and once you've managed successful to access the device remotely via ssh you can change access just to accommodate ssh, cancel the schedule reload and save your configuration

 

wr
reload in xx
line vty 0 X
login local
transport input telnet ssh

 

after successful a ssh access
line vty 0 X
transport input ssh

reload cancel
wr


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

h.escobar
Level 1
Level 1

‎08-31-2020 12:48 PM

Do I need to also do 

aaa new-model

aaa authentication login default local

0 Helpful

paul driver
VIP
VIP
In response to h.escobar

‎09-01-2020 01:34 AM

Hello

No you don't have too, the login local on the vty lines will use the switch local userbase for authentication, however is you want AAA you can do then by default you wouldn't require the login  local applied to the vty lines.


example:

username xxx secret xxxx
aaa new-model
aaa authentication login default local-case
aaa authentication enable default line  <  this will use you already vty line password
aaa authorization exec default if-authenticated


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card