01-30-2013 03:15 PM - edited 03-04-2019 06:53 PM
I usually initiate a connection from a router to another network device by simply typing the IP address of the destination I want and then press enter. That begins a telnet session.
Router#10.1.1.1 <--------- starts a telnet session, but I want it to use SSH instead
Is there a way to change that default to SSH so that when I just type the IP address it kicks off SSH instead of telnet?
I want it to behave as though I typed:
Router#ssh 10.1.1.1
P.S. Please don't suggest macros or alias soultions as this will not accomplish my goal in a dynamic fashion.
01-31-2013 12:31 AM
Hi,
line con 0
transport preferred ssh
Regards
Alain
Don't forget to rate helpful posts.
01-31-2013 07:36 AM
This is the output from implementing the preferred/output/input ssh.
----------------------------------------------------------------------------------------------------------------------------------------------------
CH-3750-core#sh run | b line
line con 0
transport preferred ssh
transport output ssh
line vty 0 4
privilege level 15
transport preferred ssh
transport input ssh
transport output ssh
line vty 5 15
privilege level 15
transport preferred ssh
transport input ssh
transport output ssh
!
ntp clock-period 36027693
ntp server 132.163.4.101
ntp server 132.163.4.103
ntp server 24.56.178.140
end
CH-3750-core#10.100.0.125
% Unknown command or computer name, or unable to find computer address
CH-3750-core#ping 10.100.0.125
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.125, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
I also configured the ssh source-interface to be on the same subnet I'm trying to get to. It still works if I use
----------------------------------------------------------------------------------------------------------------------------------------------------
CH-3750-core#ssh 10.100.0.125
----------------------------------------------------------------------------------------------------------------------------------------------------
I'm using a 3750x stack of 2 running code c3750e-universalk9-mz.122-55.SE5.bin.
Below is the output to the same router with different syntax to start the ssh session.
----------------------------------------------------------------------------------------------------------------------------------------------------
CH-3750-core#ssh 10.100.0.125
Password:
Router#
----------------------------------------------------------------------------------------------------------------------------------------------------
01-31-2013 12:43 PM
Hi,
i've tried it and it didn't work so i made some research and apparently this is not possible. it still uses telnet not ssh though the word ssh was used. I'll have to dig further to see the use of this keyword then.
Regards
Alain
Don't forget to rate helpful posts.
02-04-2013 10:16 AM
Cadet,
Upon further investigation, I think it is not possible to change the default behavior. I was reading another forum here and they were discussing something VERY similar to the issue I am asking about, but not quite the same. I believe the reasoning is something like this:
Simply entering the ip address initiates (or attempts to, anyway) a telnet session. Because the transport output ssh command was used you get the results listed above. This means that any time you want to ssh from a cisco router/switch/device you have to use the key word ssh x.x.x.x (with other switches if so desired, like -l for username) and cannot change the way the router interprets simply entering an IP address.
Thanks anyway for your attempt to answer my question.
02-04-2013 03:06 PM
My understanding is the input command determines what protocols will be allowed in that line. The output command define what protocol you may use to connect to a device going out. so if you do the following:
line vty 0 15
transport input ssh
transport output ssh
This device can only be connected to by SSH (on the VTY lines console is a separate line) and will only connect to other devices via SSH. This however does not change the default action of the router but prevents it from sending out the telnet request.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide