Cisco 2511 and SSH (IOS 12.2)

We're using a 2511 as a console server to a rack of servers in our data closet. Telnetting into any server console port has been simple and straightforward. I upgraded IOS to IOS 12.2 in order to use ssh to encrypt our console sessions.

SSH connecting to the 2511 works fine. However, I am now unable to connect to any of the consoles connected to the system. Even though I specified a no login on all the async lines, I am prompted with a login when I attempt to connect to a port and, after entering a username and password, everything hangs.

I haven't found any documentation of this problem yet and nothing seems to be amiss in my configuration.

I'd appreciate any ideas anyone may have on this. I'm new to ssh on Cisco.

Thanks.

--ccannick--

Reply to
ccannick

post your current config

Reply to
Merv

Cisco docs indicate that SSH terminal-line access (reverse Telnet) was introduced in 12.2(2)T

see

formatting link

Try downloading 12.2(15)T7 image c2500-i-l.122-15.T17.bin

Reply to
Merv

I'm running version 122-29 and terminal access is available.

However, after enabling SSH, terminal access to my Sun servers stopped. Only on my Suns, though. It was working correctly under telnet.

The only clue I have is that I'm prompted to login when telnetting to a port even from inside the 2511.

My config shows no login set. I used a no login for all lines but it doesn't show up in the config:

...

line con 0
line 1 16
 modem InOut
 terminal-type vt100
 no exec
 transport preferred telnet
 transport input telnet
 transport output telnet
 telnet speed 9600 9600
 stopbits 1
line aux 0
 transport input all
line vty 0 4
 password 7 13270E544D2E50
 transport input telnet ssh
...

Shouldn't I see a line in the config that says 'no login'?

Reply to
ccannick

Try making the following modification to the config and see if that helps

line 1 16
 transport input telnet ssh
 transport output telnet ssh

Cisco da Gama


Reply to
ciscodagama

Add SSH Terminal-Line Access

If you need outbound SSH terminal-line authentication, you can configure and test SSH for outbound reverse Telnets through Carter, which acts as a comm server to Philly.

Cisco docs say the following must be configured for SSH terminal access:

ip ssh port 2001 rotary 1

line 1 16
 no exec
 rotary 1
 transport input ssh
 exec-timeout 0 0

Reply to
Merv
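
Added example (not part of the thread or of Cisco's documentation): a Python check that reads the `line` stanzas of an IOS config and reports which lines still accept cleartext telnet, which do not accept ssh, and which rotary groups lack an `ip ssh port` mapping. The sample config is constructed from the fragments posted above, and the `ip ssh port ... rotary` syntax is taken as quoted in the post above.

```python
import re
# Constructed sample: the async-line stanza posted in the thread, with the
# 'ip ssh port' and 'rotary' commands quoted from the Cisco docs added.
SAMPLE = """\
ip ssh port 2001 rotary 1
line con 0
line 1 16
 no exec
 rotary 1
 transport input telnet
line aux 0
 transport input all
line vty 0 4
 transport input telnet ssh
"""

def audit_lines(config):
    """Return {line stanza: [findings]} for every 'line' stanza in an IOS config."""
    ssh_rotaries = set()   # rotary groups named by 'ip ssh port N rotary G'
    stanzas, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"ip ssh port (\d+) rotary (\d+)$", text)
        if m:
            ssh_rotaries.add(m.group(2))
        if raw.startswith("line "):
            current = stanzas.setdefault(text, {"input": None, "rotary": None})
        elif raw.startswith(" ") and current is not None:
            if text.startswith("transport input "):
                current["input"] = text.split()[2:]
            elif text.startswith("rotary "):
                current["rotary"] = text.split()[1]
        else:
            current = None   # any other top-level command ends the stanza
    report = {}
    for name, s in stanzas.items():
        findings = []
        if s["input"] is None:
            findings.append("transport input not set explicitly")
        else:
            if "telnet" in s["input"] or "all" in s["input"]:
                findings.append("accepts cleartext telnet")
            if "ssh" not in s["input"] and "all" not in s["input"]:
                findings.append("does not accept ssh")
        if s["rotary"] and s["rotary"] not in ssh_rotaries:
            findings.append("rotary group has no 'ip ssh port' mapping")
        report[name] = findings
    return report
```

Calling `audit_lines(SAMPLE)` flags `line 1 16` as telnet-only; an empty findings list for a stanza means it takes ssh only and its rotary group is mapped.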

Since "no login" is the default for tty lines, it will not show up in the configuration. This is standard practice for IOS for all commands; default commands are not shown in the configuration.

Cisco da Gama


Reply to
ciscodagama

The port option doesn't appear to be available:

jansky(config)#ip ssh ?
  authentication-retries  Specify number of authentication retries
  time-out                Specify SSH time-out interval

Also, since I can successfully connect to other device consoles from this router, ip ssh port can't be necessary.

Reply to
ccannick

Just to clarify, you can ssh to the box and then connect to some device console but not to any Sun server consoles. Is that the situation?

Reply to
Merv
