how to change ssh port on Catalyst 2960 ?

omega838383 · ‎12-13-2016

i am trying to change the ssh port on catalyst 2960 from 22 to 3300.

i followed some examples on the forum but the command:

ip ssh port 2222 rotary 1

return invalid input detected at '^' where the '^' is under the letter "o" of port

how can i change the port ssh is using?

Mark Malone · ‎12-13-2016

Hi that's a router command you cant do that syntax on a switch from what I remember, I just checked a couple of diff platforms and the only ones I see it supported on are routers

omega838383 · ‎12-14-2016

thanks for the respond

is there a way to change the telnet port?

Mark Malone · ‎12-14-2016

Hi theres no way to do it with telnet , but you caould do it at firewall level or through NAT ,aybe but at the switch no , I wouldn't have telnet available its not secure passwords are sent out in cleartext you can see them in wireshark so even if you change the port it can still be sniffed unlike ssh which is encrypted , but only use ssh v2 , v1 is also unsecure

Deepak Kumar · ‎12-14-2016

Hi,

There is no way to change ssh and telnet port on a switch. If you are trying to access from outside then you should change port with NAT.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

paul driver · ‎12-15-2016

Hello
I use rotary all the time when applicable-

Please review example:

username stan privilege 15 secret 5 $1$11LG$RQvm3bTfbw3gazIJ1uh6v1

aaa new-model
aaa authentication login SafeMyBacon local
aaa authorization console
aaa authorization config-commands
aaa authorization exec SafeMyBacon local if-authenticated
aaa authorization commands 0 SafeMyBacon none
aaa authorization commands 1 SafeMyBacon none
aaa authorization commands 15 SafeMyBacon none

ip domain name stan.com

ip ssh port 2001 rotary 1
ip ssh version 2

line ?
<0-1001> First Line number

line 1001
authorization commands 0 SafeMyBacon
authorization commands 1 SafeMyBacon
authorization commands 15 SafeMyBacon
authorization exec SafeMyBacon
login authentication SafeMyBacon
rotary 1
transport input ssh

ssh -l stan -p 2001 1.1.1.1

or

line vty ?
<0-903> First Line number

line vty 903
authorization commands 0 SafeMyBacon
authorization commands 1 SafeMyBacon
authorization commands 15 SafeMyBacon
authorization exec SafeMyBacon
login authentication SafeMyBacon
rotary 1
transport input telnet

telnet 10.1.12.1 3001

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

abdulmajid.shaikh@bt.com · ‎12-04-2017

Hi.

The CLI is fine. Can you use this on a L2 switch, for instance, a 2960-24TT-L ? I am unable to do so, earlier I thought it may be the IOS image issue, but ive upgraded it to CISCO recommended image, still the command for <ip ssh port XXX rotary 1> does not work.

paul driver · ‎12-04-2017

Hello

Hum... Try to still use that rotary command to access ssh/telnet via a specific rotary port number but without PAM, let us know how you get on?

example:

line vty 15

rotary 99

transport input ssh telnet
login local
exit

ssh -l stan x.x.x.x 3099
telnet x.x.x.x 3099

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul