Configure 2611 by SSH

Hello

I have a 2611 router and I want to configure SSH instead of telnet.

Can someone point me to a Cisco guide that explains how to do this? The bit I'm mostly having problems with is finding out how to generate the SSH key.

Info much appreciated.

Thank you

Gareth

Hello

To generate the key:

crypto key generate rsa

To check:

show crypto key mypubkey rsa

See also the following document:

http://www.Cisco.com/warp/public/707/SSH.shtml

Kind regards

Mehrdad Arshad Rad
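
Added example (not part of the original thread or of Cisco's documentation): a Python check that reads an IOS running-config and reports whether telnet is still reachable on any VTY line after the changeover to SSH. Both configurations are constructed samples; the check assumes local user authentication and that a VTY block with no explicit transport input line still accepts telnet.

```python
import re

# Constructed sample configurations (not taken from the thread).
TELNET_ERA = """\
hostname R2611
!
line vty 0 4
 password 7 CONSTRUCTED
 login
line vty 5 15
 login
"""

SSH_ONLY = """\
hostname R2611
ip domain-name example.net
username admin privilege 15 secret 5 CONSTRUCTED-HASH
ip ssh version 2
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
"""

def vty_blocks(config):
    """Return {header: [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def audit_ssh(config):
    """List the reasons this config does not yet give SSH-only management."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    # The RSA key pair is named hostname.domain, so key generation needs both.
    if not any(re.match(r"ip domain[- ]name \S+", l) for l in top):
        findings.append("global: no ip domain-name set")
    if "ip ssh version 2" not in top:
        findings.append("global: SSH version 2 not enforced")
    if not any(re.match(r"username \S+ .*secret ", l) for l in top):
        findings.append("global: no local user with a secret")
    for header, cmds in vty_blocks(config).items():
        transport = [c for c in cmds if c.startswith("transport input")]
        # Assumption: a block with no explicit 'transport input' accepts telnet.
        protocols = transport[-1].split()[2:] if transport else ["all"]
        if {"telnet", "all"} & set(protocols):
            findings.append(f"{header}: telnet still accepted")
        if "login local" not in cmds:
            findings.append(f"{header}: not using login local")
    return findings

if __name__ == "__main__":
    for name, cfg in (("TELNET_ERA", TELNET_ERA), ("SSH_ONLY", SSH_ONLY)):
        print(name, audit_ssh(cfg) or "OK")
```

The RSA key pair itself does not appear in the running-config, so its presence has to be confirmed on the router with the show command from the reply above.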

Tags: Cisco Security

Similar Questions

  • From TZ170 to TZ300 configure specific IP SSH

    Hello

    On the TZ 170, it was very easy to configure a rule to allow SSH from a specific IP address to our local network. But I do not see the option to enter a specific IP address when setting up the rule on the new TZ300.

    Thank you

    Bob

    Bob,

    I guess you are running the standard firmware on the 170. The 300 runs the enhanced firmware, and the rules are based on address objects.

    You will need to create objects for the IP address(es) you want to allow.

    The following kb should help you.

    support.Software.Dell.com/.../sw4535

    Kevin

  • VPN configuration ends the SSH session

    Can someone tell me why my SSH session to a PIX gets terminated when I apply a crypto map command on the firewall that I can access?

    If you are coming in through the outside interface, you need to be very careful about adding crypto map commands, because you can easily lock yourself out of the PIX and stop the PIX from passing any traffic.

    If there is an existing crypto map on the PIX and you add another, you must unapply the crypto map first, add the new one (make sure it is complete) and then re-apply it.

    If there is no existing crypto map, then make sure that you add the crypto map in its entirety, including the access list, and then apply the crypto map to the interface.

    If you think you're doing it right, answer back with exactly what you type in and let's see what you're missing.

  • R710 IDRAC6 series via ssh: connect com2 returns COMMAND NOT RECOGNIZED

    Hello

    I have successfully configured serial console redirection over SSH several times on different Dell servers, but now I'm stuck with two R710s.

    The problem

    I can't use the connect command:

    /Admin1-> connect com2
    cmdstat
    status: 2
    status_tag: PROCESSING COMMAND FAILED
    error: 253
    error_tag: COMMAND NOT RECOGNIZED

    Configuration

    Version

    BIOS is 6.1.0, cli version output is:

    /Admin1-> version
    CLP SM Version: 1.0.2
    SM ME treat Version: 1.0.0b

    I have configured the redirection as before:

    BIOS

    Serial Communication

    On with Console Redirection via COM2

    Serial Port Address: Serial Device1 = COM1, Serial Device2 = COM2
    External Serial Connector: Remote Access Device
    Failsafe Baud Rate: 115200
    Remote Terminal Type: VT100/VT220
    Redirection After Boot: Disabled

    iDRAC

    /Admin1/system1/SP1-> racadm config -g cfgSerial -o cfgSerialBaudRate 115200
    Value of the object successfully changed
    /Admin1/system1/SP1-> racadm config -g cfgSerial -o cfgSerialConsoleEnable 1
    Value of the object successfully changed
    /Admin1/system1/SP1-> racadm config -g cfgSerial -o cfgSerialSshEnable 1
    Value of the object successfully changed
    /Admin1/system1/SP1-> racadm config -g cfgSerial -o cfgSerialHistorySize 2000
    Value of the object successfully changed
    Value of the object successfully changed

    The command is now console, not connect.

    And that's exactly what is said in the docs - it's just that I had not noticed the change and read 'connect', where 'console' was written.

    A big thanks to Lars Handrick Support Dell Germany for reporting the change of command name for me.

  • Manage the 5512 ASA with SSH via VPN

    Hello

    We are facing problems with ssh access on our ASA5512 on a Site-2-Site VPN tunnel.

    SSH seems to be implemented properly, because we can login from inside and outside on both Interfaces.

    But when we try to connect the ASA from a remote location with SSH Putty reports a timeout.

    We set up a lot of these configurations with ASA5510 and ASA Image 8.x without any problem, so I guess it must have something to do with the new version of the ASA.

    The default-rsa-key was generated successfully.

    VPN is OK and the log viewer shows:

    6 March 21, 2016 10:21:44 302013 192.168.0.100 51682 192.168.1.1 22

    Built inbound TCP connection 597903 for outside:192.168.0.100/51682 (192.168.0.100/51682) to inside:192.168.1.1/22 (192.168.1.1/22)

    This is how we set up the configuration:

    aaa authentication ssh console LOCAL

    ssh 192.168.0.0 255.255.255.0 inside (192.168.0.0 is the remote VPN network)

    management-access inside

    username USER password PASSWORD privilege 15

    Did we miss something?

    Thank you

    Best regards

    Dennis

    Hi Dennis,

    The config looks very good.

    Are you able to ping the inside interface through the tunnel?

    If not, can you check the NAT for the traffic and add the route-lookup keyword.

    If you use not all certificates on the SAA you can use the command for related on the SAA rsa keys:

    encryption key tied rsa or try to be specific: related encryption rsa label key<>

    Try to remove the SSH configuration and reapply.

    I would like to know if it works or not. If not, then take debug ssh 255 and share it.

    Kind regards

    Aditya

    Please rate helpful posts.

  • Several ports to listen for SSH on Catalyst switches

    Hello community,

    On Cisco routers, you can set up multiple SSH ports (instead of the default tcp 22) in combination with rotary groups, and then attach these rotary groups to specific VTY lines. It works very well.

    But it seems that on Cisco switches you cannot set different SSH ports. The command Router(config)# ip ssh port portnum rotary group is not available. You can use the rotary on the VTY lines, but it only works for Telnet connections.

    Does anyone know if it is possible to use rotary groups on switches with SSH? What I'm trying to achieve is to use multiple AAA method lists and assign these to specific VTY lines. In this way, I am able to assign specific users, connecting from specific IP addresses, to a dedicated VTY line with a customized AAA method list.

    Any help is very appreciated!

    Kind regards

    Dion Dohmen

    Hello

    I am currently using 12.2(58)SE2 on the 3560.

    Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)

    I downgraded my IOS to check whether it is still supported for the 3560 on 12.2(55)SE1, and it is not.

    XXX uptime is 1 minute
    System returned to ROM by power-on
    System restarted at 14:38:50 GMT Tuesday, July 29, 2014
    System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE1.bin".

    XXX(config)#ip ssh ?
      authentication-retries  Specify number of authentication retries
      dscp                    IP DSCP value for SSH traffic
      logging                 Configure logging for SSH
      precedence              IP Precedence value for SSH traffic
      source-interface        Specify interface for source address in SSH
                              connections
      time-out                Specify SSH time-out interval
      version                 Specify protocol version to be supported

    XXX(config)#ip ssh

    I then upgraded to 12.2(55)SE9 and it is still not supported.

    XXX uptime is 1 minute
    System returned to ROM by power-on
    System restarted at 14:47:49 GMT Tuesday, July 29, 2014
    System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE9.bin".

    XXX(config)#ip ssh ?
      authentication-retries  Specify number of authentication retries
      dscp                    IP DSCP value for SSH traffic
      logging                 Configure logging for SSH
      precedence              IP Precedence value for SSH traffic
      source-interface        Specify interface for source address in SSH
                              connections
      time-out                Specify SSH time-out interval
      version                 Specify protocol version to be supported

    XXX(config)#ip ssh

    I would recommend that you upgrade, but I unfortunately don't see any point.

    Thank you

    Nehmaan

  • Issue of Telnet and SSH on Cisco 3750.

    I turn on Cisco 3750 and everything so I wasn't able to connect in the area. I even changed the source interface and update transport under the VTY lines input method, no luck.

    Can I choose to disable SSH by removing the corresponding lines of configs and RSA keys. And I changed the entry to transport back to Telnet. After the reboot of the switch, I'm still not able to connect despite the fact that the box is accessible.

    Any help?

    Thank you

    Jean-Marie

    Hello

    This should help you confirm the configuration and troubleshoot SSH on your device:

    http://www.Cisco.com/c/en/us/support/docs/security-VPN/Secure-Shell-SSH/4145-SSH.html

    I hope this helps.
    Kind regards
    Dinesh Moudgil

    PS Please rate helpful messages.

  • Authorized SSH Keys

    I am trying to configure authentication using SSH authorized keys on my IDS. I generated my key pair using PuTTYgen.

    When I go in configure my key allowed, I can't determine what my Public Exponent is supposed to be. Anyone can shed some light?

    Thank you

    Mike J.

    PuTTY has been my favorite SSH client for nearly four years.

    I am currently using a recent version of PuTTY (2 July 2004), and the following instructions have been written for this new version. However, any build from a snapshot taken in recent years should work.

    The main problem in setting up SSH authorized keys is that only the older RSA1 key format is acceptable. This means that you must tell your key generator to create an RSA1 key, and you need to restrict the SSH client to using the SSH1 protocol.

    Here is how you do it with recent versions of PuTTY:

    (1) Launch puttygen

    (2) In the 'Parameters' group at the bottom of the dialog box, select the SSH1 key type. Also, I would recommend setting the number of bits in the generated key to 2048.

    (3) Click Generate... Follow the instructions. The key information appears in the upper pane of the dialog box.

    (4) Clear the 'Key comment' edit box

    (5) Select all the text in the pane labeled "Public key for pasting into authorized_keys file" and press Ctrl-C.

    (6) Type a passphrase in the "Key passphrase" and "Confirm passphrase" edit boxes.

    (7) Click "Save private key".

    (8) Save the PuTTY private key file to a directory that is private to your Windows login (in the "Documents and Settings / (userid) /My Documents" subtree under Win2K/XP).

    (9) Launch PuTTY

    (10) Create a new PuTTY session as follows:

    Session:

    IP address: IP address of the IDS sensor

    Protocol: SSH

    Port: 22

    Connection:

    Auto-login username: cisco (or whatever login you use on the sensor)

    Connection/SSH:

    Preferred SSH version: 1 only

    Connection/SSH/Auth:

    Private key file for authentication: Browse to the .PPK file saved in step 8 above.

    Session: (back to top)

    Saved sessions: (enter the sensor name, click Save)

    (11) Click Open

    Use password authentication to connect to the sensor CLI, since we do not yet have the public key on the sensor.

    (12) Type the following command in the CLI and press ENTER:

    configure terminal

    (13) Type the following command in the CLI, but do not press ENTER yet (make sure to type a space at the end):

    ssh authorized-key mykey

    (14) Right-click the mouse in the PuTTY terminal window. This causes the Clipboard contents copied in step 5 to be entered in the CLI.

    (15) Press ENTER

    (16) Type the following command in the CLI and press ENTER:

    exit

    (17) Confirm that the authorized key has been entered correctly. Type the following CLI command and press ENTER:

    show ssh authorized-keys mykey

    (18) Leave the IDS CLI. Type the following CLI command and press ENTER:

    exit

    =====

    In my next post, I will finish these instructions...

  • Remote SSH connection fall

    Hello

    I have a Cisco 1721 that I configured to allow SSH connections to the router from the Internet on port 2922. For some reason, the SSH connection randomly gets dropped, most of the time in the middle of typing a command. I don't think it is related to the timeout that I have set on the router, because I usually can't stay connected for more than 4 minutes. Any kind of help would be appreciated.

    Thank you

    Brandon

    Hello.. I have my doubts about your static NAT configurations... If you change the access list applied to ethernet0 (102) to allow SSH (port 22), can you SSH on port 22 to the router's E0 IP address from outside? If you can and the connection is stable, then your static NAT might be the cause of the problem.

    I hope this helps... Please, write it down if that is the case!

  • Using SSH Plugin for ESXi management agents

    I know there is an old thread on this, but it doesn't really have a solution.

    Restart the Agents of management with SSHCommand failed... https://communities.VMware.com/thread/436262

    I'm looking for some advice on creating a workflow to restart ESXi host management agents.

    I configured the SSH plugin and authorized keys on the host. I am able to use the Run SSH command workflow to send commands to the host.

    However, passing "/sbin/services.sh restart" to the workflow just hangs, as stated in the thread referenced above.

    Has anyone managed to create a workflow to restart the host agents?

    Any help is greatly appreciated!

    I have found that if you leave the workflow running it can take up to an hour to finish. I will continue to dig in to see if I can find out why, but I've found a workaround. If you send stdout and stderr to null, the workflow ends as planned: /sbin/services.sh restart &> /dev/null

  • Authentication of trunk ports?

    Hi all

    Maybe a stupid question, but I am unable to find a satisfactory answer.

    We have a couple of 3560 switches, all connected to a 3750 stack. One of these 3560 switches is in an open area and I was asked if that could be considered a security risk. Of course, being in an open place is a risk, but if anyone were to unplug the trunk connection to our stack and then plug it into another switch, what would happen?

    Should / could we authenticate trunk ports/channel-groups? I have all the switches configured for SSH login authentication and network (MAC-based) authentication against a RADIUS server, but I have not configured authentication on trunk ports, as I found descriptions saying that dot1x cannot be enabled on trunk ports.

    Thanks in advance

    Chris

    Hello

    I suggest the following:

    > Arrange a physical enclosure (locked) or some other physical security control to ensure only authorized access to the device. Any technical workaround or band-aid should only be temporary. What is a righteous person happening to your switches? DOS attack! This could also be done by mistake, resulting in an unstructured threat.

    > Enable monitoring of these switches (ICMP, SNMP), so that you are alerted when they are disconnected.

    > Change the default NATIVE VLAN (vlan1)

    > Disable trunk negotiation (mode ON)

    Regards

    Farrukh

  • Installation of Apache on VIMA

    Is there a simple way to get Apache running on the VIMA appliance? I use William's kick-ass healthcheck script and a few other scripts for moving HTML reports every 30 minutes, then use logrotate to archive the weekly reports. I would just like to throw these reports onto a web server and, instead of creating a new virtual machine running Apache, I would prefer to use the same box. I'm not an expert in Linux. I tried to install the Apache RPM that I downloaded, but there are some missing dependencies. I also tried to use YUM, but all the repositories are set to VMware and there is no public repository.

    I would not recommend installing Apache on your VIMA management system, simply because it is the system that you use to manage your hosts and, possibly, your VM(s). You want this system to be entirely secure, and introducing something like web services may open potential security vulnerabilities. Secondly, given that it is a stripped-down version of RHEL, there will be many dependencies that will fail, and if you download unsupported RPMs from the net, you can break other things within the system. Not to say that it is not possible: you can probably resolve the dependencies with some research online, or you can compile the Apache server from source, though I don't remember whether the C/C++ compiler is installed by default.

    I highly recommend that you configure another virtual machine to run your Apache server; you can probably find some ready-made virtual appliances in the VMware appliance section. You can then configure an SSH key pair between VIMA and your Apache server to scp the most recent HTML reports to your server. This will allow you to automate the process without having to run the jobs manually.

    Glad you find the VMware health check script very useful

    =========================================================================

    William Lam

    VMware vExpert 2009

    Scripts for VMware ESX/ESXi and resources at: http://engineering.ucsb.edu/~duonglt/vmware/

  • How to configure the proxy in firefox 3.6 via ssh terminal on ubuntu 8.04

    I am trying to configure the Firefox proxy via an SSH terminal (PuTTY) on Ubuntu 8.04. There is no GUI for the terminal, so I use xvfb to simulate the display. However, Firefox cannot open any website because the proxy is not set correctly.
    Here's what I tried. I changed a file loadcustom.js in
    /usr/lib/Firefox-3.6x/defaults/prefs
    and added the lines
    // tell firefox to load the custom configuration file
    pref("general.config.obscure_value", 0);
    pref("general.config.filename", "firefox.cfg");

    Then I created a file firefox.cfg in
    /usr/lib/Firefox3.6x and added the lines
    // Lock specific preferences in Firefox so that users cannot change them
    lockPref("app.update.enabled", false);
    lockPref("network.proxy.http", "my-proxy.in-my-domain.com");
    lockPref("network.proxy.http_port", 8080);
    lockPref("network.proxy.type", 1);
    lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, 192.168.1.0/24");
    lockPref("network.proxy.share_proxy_settings", true);
    lockPref("browser.startup.homepage", "http://www.google.com/");

    This has not worked for me. Any suggestions?

    Never mind. I got it working now; I was just making the change in the wrong place, I guess.

    I had to add the parameters to usr/lib/firefox-3.6.17/defaults/pref/firefox.js, and then restart Firefox. Here's what I added:
    pref("network.proxy.type", 4); to have Firefox automatically detect the proxy settings.

  • Configure SSH/Telnet on a WPA2000

    Hello

    I'm trying to configure SSH/Telnet on a Wireless-G WPA2000 Access Point. I have looked for documentation but am unable to find any that says how to do this via the user interface, and I don't see any obvious place where this could be. Has anyone managed to set this up? I would prefer SSH but telnet will do.

    Hi Sarah, small business wireless products do not support CLI configuration, so there is no such document. In addition, the only management options would be via HTTP/HTTPS and SNMP v1, v2, v3.

    -Tom
    Please mark replied messages useful

  • SSH stops in double ISP configuration

    ASA 7.2(4)

    I (unfortunately!) properly configured a site with dual ISPs, several site-to-site VPNs (which do not fail over), going forwards, etc... The only issue that remains is SSH. Before adding a 2nd ISP, SSH on the inside and outside worked well, as expected. When the two ISP interfaces are active and traffic moves over the primary, SSH is 'scales' on all 3 interfaces. The monitoring tool shows it going up and down, and this is confirmed when I actually try to connect to it. Puzzled. Attached is the sanitized config, but for me, the relevant part is...

    ssh 0.0.0.0 0.0.0.0 inside

    ssh 67.xxx.xxx.0 255.255.255.0 outside

    ssh 67.xxx.xxx.0 255.255.255.0 cable

    ssh timeout 15

    I could maybe understand if the interface not in use timed out due to lack of a return path, but all 3 interfaces are defective. As soon as one of the 2 WAN interfaces is disconnected, SSH is fine on the other 2.

    Thank you

    Ed

    Yes, the return path could be a problem. I take it that you are trying to SSH over the internet and not over the VPN tunnel.

    Can you check if it behaves the same way when you try to access ASDM?

    Can you console into the ASA and collect a capture on the ASA's internet-facing interfaces while you try to SSH?
