limit ssh

sahar.co67 · ‎10-07-2012

Hi. İ want to limit ssh access without acl. İt means for example i have 2 pc ( pc1 , pc 2) i want pc1 can do ssh to router but pc 2 can not to do ssh to router ?

Sent from Cisco Technical Support iPhone App

Stuart Gall · ‎10-07-2012

It is strange that you do not want to use an access-group that is the easy way.

The only other way I can think of is to have the management ip on a different sub net and then add a second ip to the pc that should have access.

Sent from Cisco Technical Support iPad App

singhaam007 · ‎10-07-2012

hello,

you can use a local username and password on the router or with an authentication, authorization, and accounting (AAA) server that runs TACACS+ or RADIUS to connect to the router.

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#testingwithoutssh

hope this will help.

thanks

Sandeep Choudhary · ‎10-07-2012

HI Sahar,

It is best and easy to use a ACL to restrict the access to other users.

I will look around , how to restrict SSH without using of ACL.

but till then u can try this, if you want:

By ACL:

  access-list 5 permit (Hostname) 0.0.0.0
  access-list 5 deny any any

then apply to Line vty

line vty 0 4
      ! Only allow ssh
      tranport input ssh
      ! Apply our access list for incoming connections
      access-class 5 in
      ! Finally, apply an exec-timeout, which will disconnect an idle connection
      ! The timeout is 10 minutes and 0 seconds
      exec-timeout 10 0


Regards
Please rate if it helps.

cadet alain · ‎10-08-2012

Hi,

you could try using a MQC policy dropping ssh access from the MAC address of PC2.

class-map BLOCKED_SSH

match source-address-mac xxxx.xxxx.xxxx

match protocol ssh

policy-map BLOCK_SSH

class BLOCKED_SSH

drop

int x/x

service-policy input BLOCKED_SSH

Regards.

Alain

Don't forget to rate helpful posts.