cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
750
Views
0
Helpful
4
Replies

limit ssh

sahar.co67
Beginner
Beginner

Hi. İ want to limit ssh access without acl. İt means for example i have 2 pc ( pc1 , pc 2) i want pc1 can do ssh to router but pc 2 can not to do ssh to router ?

Sent from Cisco Technical Support iPhone App

4 Replies 4

Stuart Gall
Beginner
Beginner

It is strange that you do not want to use an access-group that is the easy way.

The only other way I can think of is to have the management ip on a different sub net and then add a second ip to the pc that should have access.

Sent from Cisco Technical Support iPad App

singhaam007
Participant
Participant

hello,

you can use a local username and password on the router or with an authentication, authorization, and accounting (AAA) server that runs TACACS+ or RADIUS to connect to the router.

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#testingwithoutssh

hope this will help.

thanks

Sandeep Choudhary
VIP Mentor VIP Mentor
VIP Mentor

HI Sahar,

It is best and easy to use a ACL to restrict the access to other users.

I will look around , how to restrict SSH without using of ACL.

but till then u can try this, if you want:

By ACL:

  access-list 5 permit (Hostname) 0.0.0.0
  access-list 5 deny any any

then apply to Line vty

line vty 0 4
      ! Only allow ssh
      tranport input ssh
      ! Apply our access list for incoming connections
      access-class 5 in
      ! Finally, apply an exec-timeout, which will disconnect an idle connection
      ! The timeout is 10 minutes and 0 seconds
      exec-timeout 10 0


Regards
Please rate if it helps.

cadet alain
Mentor
Mentor

Hi,

you could try using a MQC policy dropping ssh access from the MAC address of PC2.

class-map BLOCKED_SSH

match source-address-mac xxxx.xxxx.xxxx

match protocol ssh

policy-map BLOCK_SSH

class BLOCKED_SSH

drop

int x/x

service-policy input BLOCKED_SSH

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers