cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4704
Views
5
Helpful
5
Replies

Set SSH as default for telnet from router

William Childs
Level 1
Level 1

I usually initiate a connection from a router to another network device by simply typing the IP address of the destination I want and then press enter. That begins a telnet session.

Router#10.1.1.1       <--------- starts a telnet session, but I want it to use SSH instead

Is there a way to change that default to SSH so that when I just type the IP address it kicks off SSH instead of telnet?

I want it to behave as though I typed:

Router#ssh 10.1.1.1

P.S. Please don't suggest macros or alias soultions as this will not accomplish my goal in a dynamic fashion.

5 Replies 5

cadet alain
VIP Alumni
VIP Alumni

Hi,

line con 0

transport preferred ssh

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

This is the output from implementing the preferred/output/input ssh.

----------------------------------------------------------------------------------------------------------------------------------------------------

CH-3750-core#sh run | b line

line con 0

transport preferred ssh

transport output ssh

line vty 0 4

privilege level 15

transport preferred ssh

transport input ssh

transport output ssh

line vty 5 15

privilege level 15

transport preferred ssh

transport input ssh

transport output ssh

!

ntp clock-period 36027693

ntp server 132.163.4.101

ntp server 132.163.4.103

ntp server 24.56.178.140

end

CH-3750-core#10.100.0.125

% Unknown command or computer name, or unable to find computer address

CH-3750-core#ping 10.100.0.125

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.100.0.125, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

I also configured the ssh source-interface to be on the same subnet I'm trying to get to. It still works if I use

----------------------------------------------------------------------------------------------------------------------------------------------------

CH-3750-core#ssh 10.100.0.125

----------------------------------------------------------------------------------------------------------------------------------------------------

I'm using a 3750x stack of 2 running code c3750e-universalk9-mz.122-55.SE5.bin.

Below is the output to the same router with different syntax to start the ssh session.

----------------------------------------------------------------------------------------------------------------------------------------------------

CH-3750-core#ssh 10.100.0.125

Password:

Router#

----------------------------------------------------------------------------------------------------------------------------------------------------

Hi,

i've tried it and it didn't work so i made some research and apparently this is not possible. it still uses telnet  not ssh though the word ssh was used. I'll have to dig further to see the use of this keyword then.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Cadet,

Upon further investigation, I think  it is not possible to change the default behavior. I was reading another forum here and they were discussing something VERY similar to the issue I am asking about, but not quite the same. I believe the reasoning is something like this:

Simply entering the ip address initiates (or attempts to, anyway) a telnet session. Because the transport output ssh command was used you get the results listed above. This means that any time you want to ssh from a cisco router/switch/device you have to use the key word ssh x.x.x.x (with other switches if so desired, like -l for username) and cannot change the way the router interprets simply entering an IP address.

Thanks anyway for your attempt to answer my question.

My understanding is the input command determines what protocols will be allowed in that line. The output command define what protocol you may use to connect to a device going out. so if you do the following:

line vty 0 15

transport input ssh

transport output ssh

This device can only be connected to by SSH (on the VTY lines console is a separate line) and will only connect to other devices  via SSH. This however does not change the default action of the router but prevents it from sending out the telnet request.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: