07-07-2013 02:36 AM - edited 03-07-2019 02:16 PM
I've made:
1- ip domain name sss
2- local username
3- crypto key generate rsa, then I chose 1024 bits
4- for line vty I put ===> transport input ssh
5- login local
But I want to ask how to change the port from 22 to another port?
Regards
07-07-2013 04:17 AM
I haven't tried this personally, but I found this:
Can you issue this command?
sh ip port-map ssh
If you see port 22, you can change it like this:
ip port-map ssh port xyz
HTH, please rate if this helps
07-07-2013 06:36 AM
Hello Inayath,
I am afraid this will not work. The ip port-map command is used by the IP Inspect (former CBAC) to define port-to-application mappings. However, it is not going to move your local SSH daemon to a different port.
What worked for me is this:
ip ssh port 2222 rotary 1
!
line vty 0 15
rotary 1
This configuration assigns VTY lines 0 through 15 into the rotary group 1 for which the SSH can be reached on the port 2222. The SSH will still be listening on port 22 as well so if this is not desired, an ACL will be necessary to prevent logging into the device using the ordinary IP port:
ip access-list extended DenyStdSSH
deny tcp any any eq 22
permit ip any any
!
line vty 0 15
access-class DenyStdSSH in
Best regards,
Peter
07-07-2013 08:36 AM
07-07-2013 08:47 AM
Hi John,
Thanks for joining. That blog basically describes the approach I have suggested myself, doesn't it?
Best regards,
Peter
07-07-2013 08:50 AM
Yeah, you did. Sorry, I missed your response. I only saw the first response on my phone.
07-08-2013 10:55 AM
Hi,
Thanks all,
I've changed the SSH port successfully.
Thanks a lot.
I'm a bit sad because I have a 2960G switch that doesn't support the rotary SSH commands.
I don't know if the issue is from my IOS or from the platform.
My IOS version:
=======================================================
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
NS-Switch uptime is 22 weeks, 2 days, 14 hours, 14 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanbasek9-mz.122-55.SE1.bin"
-===============================================================
regards
07-08-2013 01:38 PM
Hi,
I am also not too sure why your 2960 wouldn't support the rotary SSH commands, because it seems to be a compatible IOS version.
The command history suggests it's been introduced in 12.2(2)T
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i3.html#wp1056964
Maybe LAN Base? That's why?
Regards,
Anup
07-08-2013 11:24 PM
You may be correct, I think LAN Base doesn't support ip ssh port xx.
05-19-2017 03:27 AM
Guys, here is a video I found that summarises all the steps.
https://www.youtube.com/watch?v=9Dqcp7zS7zg
Good luck
08-30-2017 11:51 PM
Enable SSH first
ip domain-name Cisco.com
crypto key generate rsa
(use 1024 bits)
Use the rotary command first for the SSH port
ip ssh port 8888 rotary 1
Create an access list to block the standard SSH port, and if you want to allow specific IPs, add them to the list.
ip access-list ex SSH_PORT_IP_allow
10 deny tcp any any eq 22
20 permit tcp host 10.2.3.7 any eq 8888
30 permit tcp host 10.2.3.9 any eq 8888
40 permit tcp host 10.2.3.9 any eq 8888
50 deny tcp any any eq 8888
Then apply it on the VTY lines
Line VTY 0 15
access-class SSH_PORT_IP_allow in
rotary 1
transport input ssh
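
One way to check a saved running-config against the steps in this thread: a rotary mapping exists, every vty line is in that rotary group, transport is SSH-only, and the vty access-class denies port 22. This is an added example, not part of any post above; the function names and sample configs are constructed, and it assumes full-form commands as printed by show running-config.

```python
import re
# Constructed sample configs (not from a real device), in running-config form.
GOOD = """\
ip ssh port 2222 rotary 1
ip access-list extended DenyStdSSH
 deny tcp any any eq 22
 permit ip any any
line vty 0 15
 access-class DenyStdSSH in
 rotary 1
 transport input ssh
"""
BAD = """\
ip ssh port 2222 rotary 1
line vty 0 4
 rotary 1
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def sections(config):
    """Map each top-level line to the list of indented lines beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and current:
            out[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            out.setdefault(current, [])
    return out

def audit(config):
    """Return findings for vty lines that miss a step described in the thread."""
    secs = sections(config)
    rotaries = {m.group(1) for h in secs if (m := re.match(r"ip ssh port \d+ rotary (\d+)$", h))}
    findings = [] if rotaries else ["no 'ip ssh port <n> rotary <g>' mapping"]
    for head, body in secs.items():
        if not head.startswith("line vty"):
            continue
        if not any(b.startswith("rotary ") and b.split()[1] in rotaries for b in body):
            findings.append(f"{head}: not in an SSH rotary group")
        if "transport input ssh" not in body:
            findings.append(f"{head}: transport input is not ssh-only")
        acl = next((m.group(1) for b in body
                    if (m := re.match(r"access-class (\S+) in", b))), None)
        rules = secs.get(f"ip access-list extended {acl}", [])
        if not any(re.match(r"(\d+ )?deny tcp any any eq 22$", r) for r in rules):
            findings.append(f"{head}: port 22 not denied by access-class")
    return findings
```

The second sample mirrors a common split where `line vty 5 15` is left at defaults while only `line vty 0 4` was hardened; `audit(BAD)` reports each gap per line range.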