limit ssh

sahar.co67
Level 1

Hi. I want to limit SSH access without an ACL. It means, for example, I have 2 PCs (pc1, pc2); I want pc1 to be able to SSH to the router, but pc2 not to be able to SSH to the router?

Sent from Cisco Technical Support iPhone App

4 Replies

Stuart Gall
Level 1

It is strange that you do not want to use an access-group; that is the easy way.

The only other way I can think of is to have the management IP on a different subnet and then add a second IP to the PC that should have access.

Sent from Cisco Technical Support iPad App

singhaam007
Level 3

Hello,

You can use a local username and password on the router, or an authentication, authorization, and accounting (AAA) server that runs TACACS+ or RADIUS, to connect to the router.

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#testingwithoutssh

Hope this will help.

Thanks

Sandeep Choudhary
VIP Alumni

Hi Sahar,

It is best and easiest to use an ACL to restrict access for other users.

I will look around for how to restrict SSH without using an ACL.

But until then you can try this, if you want:

By ACL:

  ! Standard ACL 5: permit the one allowed host, deny every other source
  access-list 5 permit (Hostname) 0.0.0.0
  access-list 5 deny any

Then apply it to the line vty:

line vty 0 4
      ! Only allow ssh
      transport input ssh
      ! Apply our access list for incoming connections
      access-class 5 in
      ! Finally, apply an exec-timeout, which will disconnect an idle connection
      ! The timeout is 10 minutes and 0 seconds
      exec-timeout 10 0


Regards
Please rate if it helps.
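
The three VTY settings in the reply above (SSH-only transport, an inbound access-class, an exec-timeout) can be checked offline against a saved configuration. The following is an added example, not part of the original post; the function names and the sample configuration, including the address 192.0.2.10, are constructed for illustration, and only numbered `access-list N` definitions are recognized.

```python
import re

# Constructed sample configuration (not from the original thread).
SAMPLE_CONFIG = """\
access-list 5 permit 192.0.2.10 0.0.0.0
access-list 5 deny any
line vty 0 4
 transport input ssh
 access-class 5 in
 exec-timeout 10 0
line vty 5 15
 transport input telnet ssh
"""

def parse_vty_blocks(config):
    """Return {vty-range: [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw[len("line vty"):].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other non-indented line ends the block
    return blocks

def audit_vty(config):
    """Return sorted (vty-range, finding) pairs for the settings in the reply."""
    defined_acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    findings = []
    for rng, cmds in parse_vty_blocks(config).items():
        transport = next((c for c in cmds if c.startswith("transport input")), None)
        if transport is None or transport.split()[2:] != ["ssh"]:
            findings.append((rng, "transport input is not restricted to ssh"))
        acl = next((c.split()[1] for c in cmds
                    if c.startswith("access-class") and c.split()[2:3] == ["in"]), None)
        if acl is None:
            findings.append((rng, "no inbound access-class"))
        elif acl not in defined_acls:
            findings.append((rng, f"access-class {acl} references an ACL not defined in this config"))
        if "exec-timeout 0 0" in cmds:  # 0 0 disables the idle timeout
            findings.append((rng, "exec-timeout disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for rng, finding in audit_vty(SAMPLE_CONFIG):
        print(f"line vty {rng}: {finding}")
```

Run against the sample, it reports nothing for `line vty 0 4` and two findings for `line vty 5 15`, the range that is often left out when only `0 4` is hardened.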

cadet alain
VIP Alumni

Hi,

You could try using an MQC policy dropping SSH access from the MAC address of PC2.

class-map BLOCKED_SSH
 match source-address mac xxxx.xxxx.xxxx
 match protocol ssh

policy-map BLOCK_SSH
 class BLOCKED_SSH
  drop

int x/x
 service-policy input BLOCK_SSH

Regards.

Alain

Don't forget to rate helpful posts.
