
How to enable ssh and telnet on a 1841

insccisco
Level 1

Can anyone please help me in enabling SSH access to my 1841 router?

I am trying to connect to the router from a host sitting on the inside interface of the router.

Thanks


9 Replies

Richard Burts
Hall of Fame

Angel

The first step in enabling SSH is to find whether you have a feature set on your router that supports it. SSH requires crypto support and not all feature sets provide this. (Note that this is not a "what version" issue but a "feature set within a version" issue.)

Assuming that you have (or get) a feature set that does support crypto, the next step is to generate RSA crypto keys. To be able to generate crypto keys the router must be configured with a non-default router name and a domain name (these are used to assign an identity to the keys being generated). So after configuring hostname and domain, use the crypto key generate command in config mode to generate the keys.

That pretty much enables SSH. Depending on the version of IOS you may have an option whether to run version 1 or version 2 of SSH.

HTH

Rick


Hi Rick,

my IOS version is 12.4. I also have the security feature set with this 1841. Somewhere along the configuration, the ability to get in thru ssh got lost. When I first configured the router, I was able to use it, but I must have done something wrong afterwards.

Can you send me the exact commands to do this?

thanks

Angel

The security feature set does support SSH so that is one requirement taken care of.

If you had the ability to get in through SSH but now do not, I wonder if there is some error message that is generated when you attempt SSH? This might help us understand what the problem is, and therefore what the solution should be.

I can think of two things that could prevent SSH access:

1) if someone configured the vty lines with transport input and did not include SSH as one of the transports. If you can post the configuration of the vty lines we can see if this is the case.

2) if the crypto key was changed or removed, or if the router name was changed (I just recently ran into the effect of changing the router name - which is to invalidate the crypto key which then prevents SSH access). To make sure this is not the problem I suggest that you do the following:

verify that the router is configured with a valid hostname and a valid domain name

reboot the router

config term

crypto key gen rsa gen mod 1024

ip ssh version 2

exit

Then see if SSH works again.

HTH

Rick


Hi Rick,

I tried doing all your steps and I ended up with:

line vty 0 4

transport input telnet ssh

But the funny thing is that it worked. I did the "crypto key gen rsa gen mod 1024" and it seems that it did the trick.

Now, when I do a "sh ip ssh" at the # prompt, I get

SSH enabled - version 1.99

Authentication timeout: 120 secs; Authentication retries: 3

Again, I am able to get in thru ssh from the inside subnet.

I wish I knew more about all these commands I typed; so if there are any readings about it, can you please forward them to me?

thanks again

dbakula01
Level 1

1) router must have hostname and a DNS domain.

2) aaa new-model

3) cry key generate rsa

4) line vty 0 4

!--- Prevent non-SSH Telnets.

5) transport input ssh

I see. My router has a hostname and the domain name is still at the default (yourdomain.com).

I was able to fix it thanks to help from here.

My line vty 0 4 shows the following:

line vty 0 4

transport input telnet ssh

Comparing this to what you suggested, yours has it as "transport input ssh" and mine has the "telnet" word in it.

What is the difference and what is this telling the router?

thanks

Angel

The command transport input on the line vty specifies which protocols will be accepted as input to the vty lines (which are what is used for remote access). If the command specifies only SSH then SSH is the only protocol that will be accepted (telnet will fail) and if the command specifies both SSH and telnet then both SSH and telnet will be permitted and both protocols will work.

HTH

Rick
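
An added example, not part of the thread: a Python check over a saved running-config that reports the conditions discussed above (the hostname and domain name needed for key generation, `ip ssh version 2`, and which protocols each vty block accepts). The sample config is constructed and the function name `audit_ssh_config` is hypothetical; the RSA key itself is not stored in the running-config, so it is not checked here.

```python
import re

# Constructed sample running-config excerpt (not taken from the thread's router).
SAMPLE_CONFIG = """\
hostname Router
!
ip domain name yourdomain.com
!
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def audit_ssh_config(config):
    """Return a list of findings about SSH remote access in an IOS config."""
    findings = []
    # "Router" is the IOS default hostname; key generation needs a non-default one.
    host = re.search(r"^hostname\s+(\S+)", config, re.M)
    if not host or host.group(1) == "Router":
        findings.append("hostname: unset or default; RSA keys need a non-default name")
    if not re.search(r"^ip domain[- ]name\s+\S+", config, re.M):
        findings.append("domain: no domain name; RSA keys cannot be generated")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("ssh: 'ip ssh version 2' missing; SSH v1 may still be accepted")
    # Collect the 'transport input' protocol list for each 'line vty' block.
    current, vty = None, {}
    for line in config.splitlines():
        if not line.startswith(" "):
            m = re.match(r"line vty (\d+)(?: (\d+))?", line)
            current = m.group(0) if m else None
            if current:
                vty[current] = None
        elif current:
            t = re.match(r"\s+transport input\s+(.+)", line)
            if t:
                vty[current] = t.group(1).split()
    for name, protos in vty.items():
        if protos is None:
            findings.append(f"{name}: no explicit transport input; check the release default")
        elif "ssh" not in protos and "all" not in protos:
            findings.append(f"{name}: SSH not in transport input; SSH logins will fail")
        elif "telnet" in protos or "all" in protos:
            findings.append(f"{name}: telnet accepted alongside SSH (cleartext logins)")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG):
        print(finding)
```
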


Rick,

again, you are the man. I like the way you are clearing things out for me... you're making it simple :)

thanks

Angel

I am glad that we have been able to help. Thank you for rating posts. It makes the forum more useful for participants when we can see topics which have had helpful answers.

I encourage you to continue your participation in the forum.

HTH

Rick

