
Secure Shell (SSH) FAQ

Document ID: 19143



Questions

Introduction
How do I configure SSH terminal-line access (also known as reverse-telnet)?
Is SSH supported on the Catalyst 2900?
How can I determine which platforms and versions of code support SSH?
When I try to remove certain SSH commands from my router, it continues to ask me to create RSA keys in order to enable SSH. Why is this?
Does Cisco IOS® SSH version 2 support Digital Signature Standard (DSS)?
Does the Cisco IOS SSH server support agent forwarding?
Does Cisco IOS support SSH authentication with digital certificates?
What does the error Local: Corrupted check bytes on input mean?

Introduction

This document answers the most frequently asked questions (FAQs) related to Secure Shell (SSH).

Q. How do I configure SSH terminal-line access (also known as reverse-telnet)?

A. SSH terminal-line access was first introduced on some platforms in Cisco IOS® Software Release 12.2.2.T.


Router(config)#line line-number [ending-line-number] 
Router(config-line)#no exec 
Router(config-line)#login {local | authentication listname}
Router(config-line)#rotary group 
Router(config-line)#transport input {all | ssh} 
Router(config-line)#exit 
Router(config)#ip ssh port portnum rotary group 


!--- Line 1 SSH Port Number 2001

line 1
   no exec
   login authentication default
   rotary 1
   transport input ssh

!--- Line 2 SSH Port Number 2002

line 2
   no exec
   login authentication default
   rotary 2
   transport input ssh

!--- Line 3 SSH Port Number 2003

line 3
   no exec
   login authentication default
   rotary 3
   transport input ssh
 
ip ssh port 2001 rotary 1 3

Command Reference:

ip ssh port
	ip ssh port portnum rotary group

	no ip ssh port portnum rotary group

  • portnum —Specifies the port to which SSH needs to connect, such as 2001.
  • rotary group —Specifies the defined rotary that needs to search for a valid name.
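
The port-to-line mapping in the configuration above can be checked mechanically. The following Python sketch is an added example, not part of the original Cisco document: it parses the line stanzas and the ip ssh port statement, works out which SSH port reaches which line (2001 through 2003 for rotary groups 1 through 3, as in the example above), and reports any line that lacks a step of the procedure. The function names, the sample configuration, and the reading of the two numbers after rotary as a first and last group are assumptions drawn from that example.

```python
import re

# Constructed sample: the page's layout with line 2 weakened on purpose.
SAMPLE_CONFIG = """\
line 1
   no exec
   login authentication default
   rotary 1
   transport input ssh
line 2
   no exec
   rotary 2
   transport input all
line 3
   no exec
   login authentication default
   rotary 3
   transport input ssh
ip ssh port 2001 rotary 1 3
"""
REQUIRED = ("no exec", "login", "transport input ssh")  # steps from the page

def parse_lines(config):
    """Return {line_number: [subcommands]} for every 'line N' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line (\d+)\s*$", raw)
        if m:
            current = stanzas.setdefault(int(m.group(1)), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):
            current = None  # a global command closes the stanza
    return stanzas

def audit(config):
    """Return {ssh_port: (line_number, [issues])} for the rotary range."""
    m = re.search(r"^ip ssh port (\d+) rotary (\d+)(?: (\d+))?\s*$", config, re.M)
    if not m:
        return {}
    port, first, last = int(m[1]), int(m[2]), int(m[3] or m[2])
    report = {}
    for number, cmds in parse_lines(config).items():
        groups = [int(c.split()[1]) for c in cmds if re.fullmatch(r"rotary \d+", c)]
        if groups and first <= groups[0] <= last:
            issues = [f"missing '{r}'" for r in REQUIRED
                      if not any(c == r or c.startswith(r + " ") for c in cmds)]
            report[port + groups[0] - first] = (number, issues)
    return report
```

Calling audit(SAMPLE_CONFIG) returns an empty issue list for ports 2001 and 2003 and two findings for port 2002, whose line has no login statement and accepts transport input all rather than ssh.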

Q. Is SSH supported on the Catalyst 2900?

A. No, it is not.

Q. How can I determine which platforms and versions of code support SSH?

A. See the Feature Navigator (registered customers only) and specify the SSH feature.

Q. When I try to remove certain SSH commands from my router, it continues to ask me to create RSA keys in order to enable SSH. Why is this?

A. An example of this problem is shown here:

804#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
804(config)#no ip ssh time-out 120
Please create RSA keys to enable SSH.
804(config)#no ip ssh authen
Please create RSA keys to enable SSH.
804(config)#

You are encountering Cisco bug ID CSCdv70159 (registered customers only).

Q. Does Cisco IOS® SSH version 2 support Digital Signature Standard (DSS)?

A. Cisco IOS SSH version 2 (derived from OpenSSH code) does not support DSS.

Q. Does the Cisco IOS SSH server support agent forwarding?

A. Cisco IOS SSH does not support agent forwarding. Cisco IOS SSH is derived from OpenSSH code. It interoperates with all the commercial SSH implementations.

Q. Does Cisco IOS support SSH authentication with digital certificates?

A. Cisco IOS does not support SSH authentication with digital certificates.

Q. What does the error Local: Corrupted check bytes on input mean?

A. Corrupted check bytes means that the received SSH packet failed its integrity check. This is usually the result of incorrect decryption. It can also be the result of an incorrect key in use. The incorrect key is caused by a dropped encrypted SSH packet: either an encrypted packet that should have been sent was dropped, or a received encrypted packet that should have been decrypted was dropped.

Updated: Feb 02, 2006