IOS for Enabling SSH on 2691 Router

Similar Messages

• Latest IOS for C3750G 16MB flash

  Hi,
  I have a couple Cisco WS-C3750G-24T with 16MB flash memory.
  Using IOS c3750-ipservices-mz.122-50.SE5.bin
  Can't get ssh to work and think it is because of my IOS version.
  What is the latest IOS version I can use for my switches that support SSH? I need to use the "ipservices" to support VRF lite.
  Thanks

  You are using an image "without crypto". The image name misses the "k9". When you use one that has crypto, you can enable SSH. The recommended version is 12.2.55-SE9. All the images run with 16MB Flash.
  For enabling  SSH, here are some recommendations.

• IOs for cisco 1900 series router

  Hi,
  Kindly provide me the IOS version (cisco 1900 router) which can fix the below listed Bugs,
  Cisco IOS TCP Listener Crafted Packets Remote DoS (CSCek37177)
  Cisco Multiple Devices Crafted IP Option Remote Code Execution (CSCeh52410)
  Cisco IOS System Timers Remote Overflow (CSCei61732)
  Cisco IOS Secure Shell Server TACACS+ Multiple DoS (CSCed65778, CSCed65285)
  Cisco IOS IKE XAUTH ISAKMP IPSec SA Establish Authentication Bypass(CSCeg00277)
  Cisco IOS Telnet Service DoS (CSCef46191)
  Cisco IOS H.323 Protocol Implementation Flaws Cisco IOS Malformed IPv4 Packet Remote DoS Cisco SSH2 Server/Client Malformed Packet Remote DoS (CSCdz60229, CSCdy87221, CSCdu75477)
  Cisco IOS SSH Large Packet CPU Consumption DoS (CSCdw33027) Cisco SIP Crafted INVITE Message Handling DoS (CSCdz39284, CSCdz41124) Cisco IOS Data-link Switching (DLSw) Capabilities Exchange Remote DoS (CSCsf28840)
  Cisco IOS AAA RADIUS Long Username Authentication Bypass (CSCee45312)
  Cisco IOS TCLSH AAA Command Authorization Bypass (CSCeh73049)
  Cisco IOS MMP Stack Group Bidding Protocol (SGBP) Crafted UDP Packet Remote DoS (CSCsb11124)
  Cisco IOS IPv6 Packet Processing Arbitrary Code Execution (CSCef68324)
  Cisco IOS Malformed BGP Packet Processing Remote DoS (CSCee67450)
  Cisco IOS Multi Protocol Label Switching (MPLS) Packet Remote DoS (CSCeb56909)
  Cisco IOS IPv6 Packet Processing Remote DoS (CSCed40933)
  Cisco IOS SCCP Control Protocol Malformed Message DoS (CSCee08584)
  Cisco IOS OSPF Packet Handling DoS (CSCec16481) Cisco IOS ARP Table Overwrite DoS (CSCdu81936)
  Regards,
  Bala

  Hi,
  The Current running IOS version is 12.2(4)T7. I tried through bug toolkit. but i couldn't able to consolidate the IOS to fix these bugs.
  Regards,
  A.Bala
  leolaohoo wrote at Tue Jan 25 02:20:52 GMT+05:30 2011:
  >Balakrishnan Appavu,
  >
  >A new message was posted in the Discussion thread "IOs for cisco 1900 series router":
  >
  >https://supportforums.cisco.com/message/3277195#3277195
  >
  >Author : leolaohoo
  >Profile : https://supportforums.cisco.com/people/leolaohoo
  >
  >Message:

• Not able to enable SSH user equivalency for RAC on RHEL 4

  Hi All,
  I am trying to install oracle RAC 11g on RHEL4 (on VMware), I am using below document for reference.
  http://www.oracle-base.com/articles/11g/OracleDB11gR1RACInstallationOnOEL5UsingVMware.php
  Every thing went fine till "SSH user equivalency", but I am not able to SSH and SCP between servers without entering passwords.
  I have tried removing .ssh folder & recreating pub file twice but it did not helped.
  am i missing something?
  Please advice.
  Thanks,
  Abhay.

  Configure SSH on each node in the cluster. Log in as the "oracle" user and perform the following tasks on each node.
  su - oracle
  mkdir ~/.ssh
  chmod 700 ~/.ssh
  /usr/bin/ssh-keygen -t rsa # Accept the default settings.
  The RSA public key is written to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file.
  Log in as the "*oracle*" user on RAC1, generate an "authorized_keys" file on RAC1 and copy it to RAC2 using the following commands.
  su - oracle
  cd ~/.ssh
  cat id_rsa.pub >> authorized_keys
  scp authorized_keys rac2:/home/oracle/.ssh/
  Next, log in as the "oracle" user on RAC2 and perform the following commands.
  su - oracle
  cd ~/.ssh
  cat id_rsa.pub >> authorized_keys
  scp authorized_keys rac1:/home/oracle/.ssh/
  The "authorized_keys" file on both servers now contains the public keys generated on all RAC nodes.
  To enable SSH user equivalency on the cluster member nodes issue the following commands on each node.
  ssh rac1 date
  ssh rac2 date
  ssh rac1.localdomain date
  ssh rac2.localdomain date
  exec /usr/bin/ssh-agent $SHELL
  /usr/bin/ssh-add
  You should now be able to SSH and SCP between servers without entering passwords.
  hope, this may helps you.
  enjoy.
  if you are unable to resolve it, please refer:-
  http://download.oracle.com/docs/cd/B28359_01/rac.111/b28252/preparing.htm#BGBBDHIB
  http://dsstos. blogspot.com/2009/03/linux-oracle-rac-and-bonding-conundrum.html

• Selecting appropriate Router & IOS for Gatekeeper

  Hi All,
  I managing the Video conference setup but I am struggling to find a appropriate IOS for Gatekeeper
  I need some suggestion for selecting router series (Is 2620XM is ok?) and also the appropriate IOS?
  Gateway is Tandberg
  Planning for 8 video conference (8x256)

  This URL should help you:
  http://www.cisco.com/en/US/products/hw/routers/ps259/index.html
  http://www.cisco.com/en/US/products/sw/voicesw/index.html

• Upgrade IOS for Router 1721 & 2651

  Hi,
  I want to upgrade IOS for Router 1721 & 2651, the version is lastest version - 1 (i.e. N-1).
  what's the version and memory need?
  Please kindly put the cisco reference link.
  Thanks a lot!
  Samuel

  Hi
  You need to give more details then just the model no. like the output of "show version" etc.
  Anyway you can view about it at following link.
  http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
  Just to remind that to download the IOS you need to have a Partner/CCIE login.
  Hope that helps
  Pls rate helpful posts.
  Regards
  JD

• Port Forwarding Comcast Modem/Router for enabling ...

  The process of port forwarding seems long and complicated. Is the Freetalk Connect Me phone adapter, which is no longer offered by Skype, worth it? I'd like to begin using my Skype service and use Comcast only for internet. The modem/router I use now has two phone ports. Will default settings in Skype allow me to use this modem?

  Skype's standard service doesn't natively support SIP, only through the use of the connect service which is pricier.  The failure was my experience,  it may not be the same for you, whatever software or hardware issues create the problem might be addressed in the newer releases.  I guess I will find out over time.  I'm still slowly trying to figure out if they are repairable and I've been partially successful.  One other similar device is the Soundwin SP110.  Someone posted what I think is the most reasonable price I have seen it for.(http://global.pchome.com.tw/english/?m=item&f=exhibit&IT_NO=DSAD04-A64453055).  It's getting better with firmware updates, but I personally don't own one.

• Enabling SSH on Cisco 4507

  How do you configure ssh on Cisco 4507 ? I did "show ip ssh" and the log below is displayed as a result.
  Router#show ip ssh
  SSH Disabled - version 1.99
  %Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
  Authentication timeout: 120 secs; Authentication retries: 3
  Minimum expected Diffie Hellman key size : 1024 bits
  IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE
  Thanks.

  Hi,
  Check this link..
  http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
  aaa related commands are not mandatory. You can even use local authentication. Also, make sure the IOS supports SSH.
  Do 'Shoe version' the IOS name contains 'k9' for crypto.
  hth
  MS

• Rescue CD/distribution that enables ssh/telnet on boot?

  Hi all,
  I am looking for a distribution/live cd that enables ssh/telnet (or something similar) on boot. The reason I need this: I am trying to get data from a broken all-in-one PC (only the monitor appears broken), and do not have access to a monitor.
  I have searched google for this, and it looks like this particular livecd may not exist, and that I may have to create my own livecd (something I have never done before...).
  I figured I'd ask here first, in case anyone knew of such a livecd.
  Thanks

  WonderWoofy wrote:
  I never said you were rude, but I am giving you a viable solution.  It is not like you are going to have to do this over and over again, you simply need access to your headless machine (hopefully just once anyway).
  I did exactly what I am proposing to you when I installed Arch on my headless server.  So I know it can be done, and it is probably one of the simplest of solutions... by that I mean you could be moving data off your drive by now.
  Insert Archiso and press power button
  ...give it some time to boot...
  # passwd <desired password>
  # systemctl start sshd
  PROFIT!
  I tried this earlier, but it did not seem to work. I'll move the PC downstairs and hook it up straight to the router instead of my current usage of powerline ethernet (seems harder to find the IP with nmap), and try the arch iso again.
  The good news is that I know it boots from the CD, from looking at the various lights and listening to the hdd/drive sounds. xD

• Enabling ssh with a startup config or similar?

  Hello,
  Im am currently testing the new features of IOS 12.2 55 SE1 called "Smart Install".
  I got it working even though it still has many issues but that's probably because it is a very new functionality.
  Anyways, we are using it currently in a lab-environment to test the "zero-touch" replacement of defective Switches. In that case the Director of the SI Network knows what config the defective Switch has saved last.
  It then uses that exact config to deploy to the replaced switch as a startup config.
  For Security Reasons we have the command "transport input ssh" on all lines enabled. (Makes sense if you want to shut out telnet).
  Now, when the new Switch receives the IOS Update (which is also delievered in Smart Install) and therefore reboots, it now uses our startup config.
  With the above mentioned command "transport input ssh" on the lines, we have no way of connecting to the newly replaced switch.
  "Crypto keys cannot be generated on startup" is the message I see on the Serial-Console output.
  Has anyone got an idea how we could work around this?
  Is there a way to tell a switch he has to generate an rsa certificate to enable ssh without "touching" it?
  I know that with the command "transport input all" this issue would not be an issue, but that is not an option for a possible productive Release. Since we are using a config of a switch that was running productively, the running config cannot allow telnet to be used..
  I have asked Google, used this forum's search functionality and found nothing. I am absolutely sure though, that this is an issue many Cisco Users have to work with, so I was suprised not to find anything.
  Details of our lab:
  Director Switch: C3560 with IOS 12.2 55 SE1
  Client Switch (to be replaced): C2960 IOS 12.2 55 SE1
  Both have the crypto-image installed.

  Hello Richard,
  Thanks for your answer.
  Smart Install gets the config to the new switch by telnet. Since a factory-new Switch can do telnet, the initial config comes from the director. It connects to the switch over a non-standard telnet port and issues the copy command to get the startup config from the tftp server. After that it does the same with the IOS. We can't really do anything because every interaction with the new switch stops the smartinstall process.
  In your desscribed solution (I will test it later this week) it could be a working solution for deploying new switches.
  In my Scenario however there currently seems to be no way to enable ssh when the startup config is the last known configuration from the switch that died, beacuse this startup config we cannot manually edit (it would defeat the purpose of this feature), since it is backed up by the director and the logic of deciding wheter or not this config is to be used runs on the director.
  I am in contact with "our guys" from cisco, and they are trying to get feedback from the developer team of this feature. I will keep testing new releases for this issue and will report any progress.

• TFTP server on 2691 router

  Dear Cisco techs,
  Can someone please guide me to link on how to set up TFTP on 2691 router
  When I type conf t.
  tttp-server flash: is does nothing
  Or tftp-server gives unrecognized command
  Have searched quite a few places. Leads to various links but nothing conclusive. One directed me to a tftpdnld command but is for ios image updating only.
  Want to update flash: with more files for ip phone
  Why does cisco make this so difficult?
  Thanks again :) 

  Thanks Leo. I wasn't in global config mode. All this cisco stuff is very interesting and at time challenging. LUV IT
  One more question if I may.
  Sh clock keep referring back to year 2002 after being updated. I unplug router. Goes back to 2002. How can I keep it as current date?
  NTP server has been set but not synchronised. 
  Does NTP server control the sh clock command output?

• Cisco IOS IPS in Cisco 2921/k9 router

  Hi All,
  I have a router of Cisco 2921 series (C2921/K9) basic box with IP BAse IOS image (SL-29-IPB-K9 IOS). I would like to enable IOS Level IPS feature on this Router now. Based on the Cisco Document i have found i need to purchase an additonal subscripton license to enale the IPS feature. My querry is-
  Will it support on the Basic IP Base IOS or do i need to change the IOS?
  If i need to purchase the Subscription Licesne, how can i get the part number and cost for the same?
  Do i need to buy any addtional module for this like (NME-IPS-K9) ?
  Thanks in advance for your quick support
  regards
  Sunny

  Hi Sunny
  1. Yes you can enable IPS on IOS with the security license, without buying a subscription, but this would make little sense - new signatures are being released all the time so you would not be protected from recently discovered vulnerabilities/attacks.
  2. Correct, the modules and appliances run a different kind of software and are much more powerful
  3. If you add the module, you do NOT need the security license. It would still be advised to get a subscription license to get signature updates for the module.
  I hope this helps, let us know.
  regards
  Herbert
  jacob.samuel wrote:Dear Herbert,Thanks alot for the wonderful post. It clear most of my doubts. Still i kindly need to know few more points-1)  Cant we enable IPS Feature on 2921/K9 router (with Sec license or 2921Sec/K9 bundle) without signature subscription license (is it a must? it is for getting updates of signatures and for support only, right?)2)  I came to know from a distributor pre-sales engineer that the Cisco IOS Level Intrusion Protection is not going to provide the full feature of IPS like NME module or IPS Applinace. Is that right?3)  If i add NME-IPS-K9 Module to my 2921 Router, without enabling Sec License, can i enable IPS feature on the Router. Or is it a must that i need to buy Sec License (SL-29-SEC-K9)?Attaching the Datasheet of NME-IPS-K9 module (Page num 5 above Table 3) mentione as follows-Cisco IOS Software Feature Sets and ReleaseTable 3 lists the required Cisco IOS feature sets and releases for Cisco IPS AIM and IPS NME on the Cisco 1841,
  2800 and 3800 series Integrated Services Routers Note that, IPS NME on the Cisco 2900 and 3900 Integrated
  Services Routers does not require a Security Feature license.
  In that case if i buy a module i can install it on the 2921K9 box directly and can enable the IPS feature right? I dont need any License and additonal signature subscription here to enable the IPS feature (if i dont need signature updates and support) right?
  thanks alot for the support.
  regards
  Sunny

• Vlan Interface on a 2691 router

  Hi,
  I am trying to create an vlan interface on a 2691 router but can't do it. What switch module do I need and what code. Argh!! I've searcehed all over cisco but I can't find it. What am I mmissing??
  Thanks,
  Lee

  Can you give us more information about what is it that you're trying to do?
  Your IOS is the latest and greatest in the 12.3 line as of the date of this posting. And your Feature Set is Advanced Enterprise Services, which is the fullest Feature Set you can get. (The "Plus" capabilities were folded into Enterprise Services when Cisco reorganized the Feature Sets they offer.)
  Going back to your original situation. I may have misunderstood exactly what you are trying to do.
  RE: "I am trying to create an vlan interface on a 2691 router but can't do it."
  If by this you mean you are tring to create an "interface Vlan2" or "interface Vlan10" or "interface Vlan18" like you can do on the Cisco Catalyst switches, and then put interface-specific commands underneath it, then I don't think you can. Even though you can enter "interface ?" and it shows Vlan as one of the options, it is my understanding that you do it as I outlined above in my previous post.
  If you are going to carry multiple VLANs on a single router port connected to an 802.1Q trunking switch port, then if you need IPX capabilities on a particular sub-interface, just add the IPX network address and IPX frame/encapsulation type under the sub-interface.
  If you're just trying to dedicate one router LAN port to act as a default gateway for a particular VLAN, then connect the router to a switch port that is defined as an access port for that VLAN. Assign the appropriate IP and IPX addressing under the router's LAN interface and you're done. No need for sub-interfaces, or bothering to configure the router with any Layer 2 VLAN information, except maybe a description assigned to the port that tells you what VLAN on the switch you're connecting it to.
  RE: "What switch module do I need and what code."
  If you're trying to host multiple 10/100 switching ports within the router, then you are looking for some version of Cisco's 16-port EtherSwitch Network Module. The model number NM-16ESW-something, where the "something" designates support for inline power or an optional Gigabit Ethernet interface. This should run on the code you have.
  The NM-16ESW supports 802.1Q, according to the documentation. But I have never worked with one, so I couldn't tell you how the interfaces are numbered (Fa1/0 through Fa1/15?). Also, I have no idea how the router communicates with the switching network module internally: are there 16 separate FastEthernet ports now, each one configurable as the router's own LAN ports are? Or is there some common, internal backplane-type connection between the network module and the router's CPU, configured like a Gigabit Ethernet VLAN trunk port when you implement multiple access VLANs on the 10/100 ports?
  Rather than use an NM-16ESW in a router to handle multiple VLANs, I would just use a Cisco Layer 3 switch if it were only for routing IP. 3550 or 3750 would be fine. But if you need IPX routing, then in Cisco's line you either need routers or chassis switches running Enterprise code. Other manufacturers support IPX and IP in a stackable size: Foundry, HP, and Extreme Networks, for example. In fact, Foundry and HP (who OEMs some product from Foundry) use a CLI very much like Cisco's. I've even seen HP switches show up as CDP neighbors to a Cisco router.
  There are times to use routers and times to use Layer 3 switches. And times when you need both. It all depends on what you're doing, and what you're trying to do it with...

• Enabling SSH and disabling Telnet

  I am trying to enable SSH on a 3560G switch so I can disable Telnet.
  Some have mentioned to do an "sh ssh" to see if I have ssh on the switch. It doesn't show. I also have done "transport input ssh" and ssh isn't a valid input method.
  So I decided to upgrade the IOS on the switch. I am now at 12.2(52) SE.
  But I still cannot configure SSH. I get the same results as mentioned above.
  Since this is the latest version of IOS can I not assume that it contains SSH? Or do I need to download a different version of IOS that specifically has SSH in it?
  Thanks for your help

  Yup, you need a K9/CRYPTO image, e.g:
  c3560-ipservicesk9-mz.122-52.SE.bin
  You can use the feature nagivator to search for images with 'Secure Shell' support:
  www.cisco.com/go/fn
  It can be either .tar or .bin does not matter. The .tar image includes the web-gui files (alongwith the .bin IOS image) and does not affect the SSH capability.
  Regards
  Farrukh

• Is there any way to enable SSH via Terminal in the OSX Installer utility list?

  Hi guys, I've messed up my install a little on my internal HDD.. I can't boot into OSX as I keep getting kernel panics on boot. I was just wondering if there's any way I can SSH into my Mac Pro via the Terminal on the OSX Installer Utilities list.. I have a Macbook Pro to SSH from but I need a way to enable SSH via that Terminal "-bash-3.2#"..
  I've tried to use the systemsetup -setremotelogin on command but I know SSH requires login keys and as I have no idea what can be used as those keys for the OSX Installer version of Terminal I have no idea how I can enable SSH..
  Tried some sudo commands but as I guess it runs at a completely different level to sudo it won't actually recognise the sudo command..
  Any help would be greatly appreciated guys, if you need me to post any info or results to help then just let me know.
  Thanks alot
  Chris

  If your Mac cannot boot to the OS X installation then you will not be able to set up the SSH (Remote Login) sharing service. The OS X installer does not support any of the system's sharing services. Technically it does have the sshd daemon (server process) that you can set up to accept a connection; however, this will not give you any additional benefit.
  The only reason to SSH into the system would be to get to the Terminal command prompt anyway, which is available when you boot to the Recovery HD partition and choose Terminal from the Utilities menu. If you were to set up SSH and log in, you would still only have the functionality provided by the Terminal in the Utilities menu, and not have access to your Mac's full OS installation.