Solved: Re: SSH from cisco C9500-24Y4C with desired source interface / IP?

Pawel.Lipko · ‎07-05-2022

Hi!

Short question: how to SSH from cisco C9500-24Y4C to directly connected switch defining my source IP or interface. Telnet seems have tht option, but SSH not

Longer story:

I'm using cisco C9500-24Y4C with soft Version 17.3.1r[FC2]

Recently I created new VRF and made contact subnet to one of HP switches I have connected to that Catalyst.

Config is simple as that:

Catalyst:

interface Vlan516
vrf forwarding SomeVRF
ip address 172.28.4.57 255.255.255.248

HP:

interface Vlan-interface516
ip binding vpn-instance SomeVRF
ip address 172.28.4.58 255.255.255.248

Trying to SSH does not work:

CatalystSW#ssh -vrf SomeVRF 172.28.4.58
% Connection timed out; remote host not responding

But Catalyst can ping it:

CatalystSW#ping vrf SomeVRF 172.28.4.58
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.28.4.58, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

HP switch is able to SSH to itself using newly added IP address:

<HP_SW>ssh2 172.28.4.58 vpn-instance SomeVRF
Username: admin
Press CTRL+C to abort.
Connecting to 172.28.4.58 port 22.
The server is not authenticated. Continue? [Y/N]:Y
Do you want to save the server public key? [Y/N]:Y
admin@172.28.4.58's password:
Enter a character ~ and a dot to abort.

<HP_SW>exit
Connection to 172.28.4.58 closed.

But Catalyst seems to use some different interface than directly connected one

If I try to SSH to HP switch - it fails:

CatalystSW#ssh ?
-c Select encryption algorithm
-l Log in using this user name
-m Select HMAC algorithm
-o Specify options
-p Connect to this port
-v Specify SSH Protocol Version
-vrf Specify vrf name
WORD IP address or hostname of a remote system

CatalystSW#ssh -vrf SomeVRF 172.28.4.58 ?
WORD Command string
<cr> <cr>

CatalystSW#ssh -vrf SomeVRF 172.28.4.58
% Connection timed out; remote host not responding

If I try to telnet to see if port is listening - it fails

CatalystSW#telnet 172.28.4.58 22 /vrf SomeVRF
Trying 172.28.4.58, 22 ...
% Destination unreachable; gateway or host down

But if I define source interface for telnet - it reaches SSH service

CatalystSW#telnet 172.28.4.58 22 /vrf SomeVRF /source-interface vlan 516
Trying 172.28.4.58, 22 ... Open
SSH-2.0-Comware-7.1.070

The question is: how to ssh from cisco C9500-24Y4C defining source IP or interface?

Only telnet allows that function?

SSH -o is not helping

CatalystSW#ssh -o ?
numberofpasswordprompts Specify number of password prompts

balaji.bandi · ‎07-05-2022

how about configuring :

ip ssh source-interface XXXX

hope you have vty line to allow outgoing connection.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎07-05-2022

config need to done on config mode.

config t

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎07-05-2022

how about configuring :

ip ssh source-interface XXXX

hope you have vty line to allow outgoing connection.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Pawel.Lipko · ‎07-05-2022

Thanks for answer, but this one doesn't have such option

Catalyst_SW#ip ssh?
% Unrecognized command
Catalyst_SW#ip ssh ?
% Unrecognized command
Catalyst_SW#ip ?
dhcp DHCP related commands
sla SLA

balaji.bandi · ‎07-05-2022

config need to done on config mode.

config t

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Pawel.Lipko · ‎07-05-2022

you are genius!
Thanks!
It works!

MHM Cisco World · ‎07-05-2022

as @balaji.bandi suggest