Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Configuring SSH on my 1605 Router

Status
Not open for further replies.
SQL2KDBA69

SQL2KDBA69

Programmer
Feb 4, 2004
227
US
Im current using telnet but want to use SSH?

can someone please give me a walk thru on how to conf this from start to finish. thanks in advance
 
Sort by date Sort by votes
You will need either the IP PLUS IPSEC 56, the IP/FW PLUS IPSEC 56 or the IP/IPX/AT/IBM/FW PLUS IPSEC 56 feature set on this platform tp enable SSH as it requires a 'crypto' license. Once the software is installed you need to create your public keys, for this you must have configured a hostname and an ip domain-name:

router(config)# hostname cisco-1605r
cisco-1605r(config)# ip domain-name router.com
cisco-1605r(config)# crypto key generate rsa modulus 1024
The name for the keys will be: cisco-1605r.router.com

% The key modulus size is 1024 bits
Generating RSA keys ...
[OK]

Once that keys have been generated you can now use SSH to connect to your router. To restrict connections to SSH only (so effectively disabling telnet) you must configure the TTY lines accordingly:

cisco-1605r(config)# line vty 0 4
cisco-1605r(config-line)# transport input ssh


HTH

Andy
 
Upvote 0 Downvote
here is my image file :

c1600-bk8nor2sy-mz.122-31.bin

can i do it with this?
 
Upvote 0 Downvote
That image file is the IP/IPX/AT/IBM/FW PLUS IPSEC 56 image so should work in theory..... I have just checked on the Feature Navigator on CCO though and this tells me you need the 12.2T train of software for SSH.

I would try the commands I posted to see if they are accepted on your IOS version, if not you will need to update to either a 12.2T train or 12.3.

HTH

Andy
 
Upvote 0 Downvote
i dont see the modulus command.

here is what i get:

R1605(config)#crypto key generate rsa ?
usage-keys Generate seperate RSA keys for signing and encryption
<cr>
 
Upvote 0 Downvote
OK, that will still work. The commands are slightly different depending on the IOS version:

router(config)#crypto key generate rsa usage-keys modulus 1024

You can't break anything so try it and see.....

HTH

Andy
 
Upvote 0 Downvote
This is what i get :

R1605(config)#crypto key generate rsa usage-keys ?
<cr>

R1605(config)#crypto key generate rsa usage-keys modulus 1024
^
% Invalid input detected at '^' marker.



 
Upvote 0 Downvote
What happens when you just press return after the 1st command you list?

Andy
 
Upvote 0 Downvote
this is what happened :

R1605(config)#crypto key generate rsa usage-keys
The name for the keys will be: R1605.losaca.adelphia.net
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
Generating RSA keys ...
[OK]
Choose the size of the key modulus in the range of 360 to 2048 for your
Encryption Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
Generating RSA keys ...
[OK]
 
Upvote 0 Downvote
Once that keys have been generated you can now use SSH to connect to your router. To restrict connections to SSH only (so effectively disabling telnet) you must configure the TTY lines accordingly:

cisco-1605r(config)# line vty 0 4
cisco-1605r(config-line)# transport input ssh
Click to expand...

I would test it first though with a SSH client (I use PuTTY) before disabling telnet.

Andy
 
Upvote 0 Downvote
I tried putty and get an error " Network Error : Connection Refused" but it works fine with telnet and i have the tranport input set to all.
 
Upvote 0 Downvote
It might be that SSH terminal support requires 12.2T or 12.3 - can you download a 12.2T or 12.3 release and try that?

Andy
 
Upvote 0 Downvote
No, but you should be able to contact your supplier who should provide it for free or a nominal administrative charge since you aren't changing feature set.

Andy
 
Upvote 0 Downvote
I got it working with putty now. thanks for the help everybody. now i need to work on my 1924 switch i just got.
 
Upvote 0 Downvote
No chance on the 1924 unfortunately..... There is no crypto code for this switch (nor ever will be) even though it runs IOS. The minimum you would need is a 2950G (it must be a 'G' version so it can support the EI features).

Andy
 
Upvote 0 Downvote
no im not doing ssh on my switch. that just the next peice of hardware i have to configure.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jobsp90
  • Question
I have a issue in my office hospital network regarding using IPPBX software.
Replies
2
Views
266
DavetheChef
DavetheChef
CPM86
  • Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
363
CPM86
CPM86
testman1
  • Locked
  • Question
SIP telephone ring on second call
Replies
0
Views
306
testman1
testman1
stanlyn
  • Locked
  • Question
HowTo Install Multiple PAP2T ATA Devices on Same Lan
Replies
3
Views
499
iggsterman
iggsterman
hairyprogrammer1
  • Locked
  • Question
What is my Speed...?
Replies
1
Views
231
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top