Telnet or ssh acecss on wrt160nl
Hello,
i have 2 questions regarding wrt160nl.
1.Is it possible to have ssh or telnet access on the router, with the default firmware?
2.Is it possible to disable one of the antennas on the router, while has installed the default firmware?
Thank you
ssh or telnet access on the WRT160NL should be possible. no need to load any 3rd party firmware for this purpose. to configure your telnet session, check out: How to Telnet to Linksys WRT160NL.
configuring the antennas is not possible using the default firmware. for this you'll have to turn to 3rd party software developers.
Similar Messages
-
Not able to telnet or ssh to outside interface of ASA and Cisco Router
Dear All
Please help me with following question, I have set up testing lab, but still not work.
it is Hub and spoke site to site vpn case, connection between hub and spoke is metro-E, so we are using private ip for outside interface at each site.
Hub -- Juniper SRX
Spoke One - Cisco ASA with version 9.1(5)
spoke two - Cisco router with version 12.3
site to site vpn has been successful established. Customer would like to telnet/ssh to spoke's outside ip from Hub(using Hub's outside interface as source for telnet/ssh), or vise versa. Reason for setting up like this is they wants to be able to make configuration change even when site to site vpn is down. Sound like a easy job to do, I tried for a long time, search this forum and google too, but still not work.
Now I can successfully telnet/ssh to Hub SRX's outside interface from spoke (ASA has no telnet/ssh client, tested using Cisco router).
Anyone has ever done it before, please help to share your exp. Does Cisco ASA or router even support it?
When I tested it, of cause site to site vpn still up and running.
Thanks
YKHello YK,
On this case on the ASA, you should have the following:
CConfiguring Management Access Over a VPN Tunnel
If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec LAN-to-LAN, and the AnyConnect SSL VPN client.
To specify an interface as a mangement-only interface, enter the following command:
hostname(config)# management access management_interface
where management_interface specifies the name of the management interface you want to access when entering the security appliance from another interface.
You can define only one management-access interface
Also make sure you have the pertinent configuration for SSH, telnet, ASDM and SNMP(if required), for a quick test you can enable on your lab Test:
SSH
- ssh 0 0 outside
- aaa authentication ssh console LOCAL
- Make sure you have a default RSA key, or create a new one either ways, with this command:
*crypto key generate rsa modulus 2048
Telnet
- telnet 0 0 outside
- aaa authentication telnet console LOCAL
Afterwards, if this works you can define the subnets that should be permitted.
On the router:
!--- Step 1: Configure the hostname if you have not previously done so.
hostname Router
!--- aaa new-model causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name yourdomain.com
!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet and SSH is supported with transport input all
line vty 0 4
transport input All
*!--- Instead of aaa new-model, the login local command may be used.
no aaa new-model
line vty 0 4
login local
Let me know how it works out!
Please don't forget to Rate and mark as correct the helpful Post!
David Castro,
Regards, -
Hi Everybody!!!
I have noticed that I can log in using almost every configured IP address on the device (here Catalyst 6500).
I'm wondreing why? I'm not talking about source address, but the destination one.
I have many vlan interfaces configured on the device. Almost every interface has assigned an IP address.
And I can access remotely the switch using telnet or ssh protocol using every assigned IP address to Vlan interfaces.
I'm wondering if it is desirable.
Could someone explain it to me.
Maybe there is a way to reduce the number of possible addresses, which I can use to log in (destination address).
Best regards,
Agata Czekalska
Technical University of LodzHi
Hmm Technical University..
I am basing this on a couple of asumptions.
Assumption: this is one of the devices that services students/teachers/others
Assumption: students are intelligent and inquisitive.
Assumption: you are the only one/group that should have access to the device.
First your 6500 chassi is/are available on several different VLANS.
this I would stop at once IF there is no special reason for it to be configured that way.
My guess is that if it is not hacked, then it is not far from getting just that.
it does not mean that someone is doing anything malicious with it, but there might be misconfigurations and stuff that disrupts service.
I would actually if possible stop all telnet/ssh/http/https traffic to the device itself.
Atleast stop telnet and http since they send the login information in cleartext.
if the student have a sniffer they will have the loginnames and passwords quickly.
Get a firewall (asa5505?), and setup a pc behind it with a direct connected serial cable to the 6500 (and other switches maybe ?) to connect to the pc you would then open up the firewall only for appropriate communication means (ipsec vpn/ssl vpn/AAA TCP communication)
use personal usernames and passwords so that everyone have their own username and password to login to the equipment.
dont forget to set up NTP. that will help not only with time, it will also help with who was last on.
This method secures the device from malicious use or accidental missconfiguration from someone not authorised to use it in that way.
if this is not possible or desireable in your case, ACLs are used to control what ip address are allowed to access the unit.
HTH -
Hey Guys, I cant telnet or ssh to one of my switches. I can however telnet to the switch i'm having trouble with from another switch on the network. I have the config attached, Thanks for any help!
you are missing ip default-gateway command with pointing to your default gateway IP for switch subnet.
-
i have a webserver in my basement without a keyboard, monitor or mouse permanently attached to it. so maintaining it is rather difficult. so i've been looking at setting up telnet or ssh on it (which i should have done from the start) so i can manage it from another machine within my network
now i understand that telnet lacks any type of security, and i'm only using it behind my network anyway. but my concern is if i want to log into it from outside my network through my vpn. i use openvpn, so i'm asking, because i'm not sure the vpn connection is encrypted or not, and if its not, then ssh will be the way to go, otherwise i think telnet is just easier..:B:. wrote:If 'minimal' updates mean what I think it means, then you're only making yourself miserable. Partial updates will break the system; it's a rolling release and often updates depend on one another. Doing 'minimal' updates is not the way to go. If you're afraid stuff breaks, pick another distro, or try the Arch Server Project, or at least install an LTS kernel like gazj did.
i didn't mean minimal updates like that, i just meant that i don't update it very often. i do run the lts kernel. i just don't update everything else too often out of the blue like that because its setup and working. i ran into issues with mysql one time when i just went ahead and updated, had trouble getting it going right. so i like to plan my downtime and try to know what to expect. so instead of planning to have it down for 10 minutes, and having that turn into an hour, i can plan for an hour if thats what i know it will take. -
Not Able to Telnet or SSH Cisco ASA
Hi,
I am not able to do the following to Cisco ASA with one IP address 172.19.1.11, below is the configuration in ASA. Earlier it was working, all of a sudden it stopped working.
Please help.
1. Not Able to SSH
2. Solarwinds not able to take information from ASA.
http 172.19.1.11 255.255.255.255 inside
snmp-server host inside 172.19.1.11 community srnemapd
telnet 172.19.1.11 255.255.255.255 inside
ssh 172.19.1.11 255.255.255.255 inside
ntp server 172.19.1.11 source inside preferHi there,
Just add a new IP address for ssh to ASA, this will kick start the demon.
This new IP does not have to be a real one.
Hope this helps.
Thanks
Rizwan Rafeek -
Telnet, rlogin, ssh not ok on sun 240 with solaris 5.10 on it
Hello,
I am facing some problems with connecting througth telnet, rlogin or ssh on a SUN 240 server carying solaris 10 software on it. When I try to connect througth the serial port, it gives me this error:
telnet 10.151.145.6 2100Trying 10.151.145.6...
Connected to 10.151.145.6.
Escape character is '^]'.
rel4gold_sam_1_7_1 console login: Dec 22 18:21:33 rel4gold_sam_1_7_1 uplink: uplink1: Standby link failure - not receiving heartbeats (B)
Dec 22 18:23:33 rel4gold_sam_1_7_1 last message repeated 1 time
INIT: Command is respawning too rapidly. Check for possible errors.
id: cn "/opt/CCPUsrvr/bin/ccnd -s 38400 -f none -l /dev/term/b #CCPU CCNd"
Dec 22 18:25:34 rel4gold_sam_1_7_1 uplink: uplink1: Standby link failure - not receiving heartbeats (B)
rel4gold_sam_1_7_1 console login: root
Dec 22 18:25:51 rel4gold_sam_1_7_1 login: open_module: /usr/lib/security/pam_authtok_get.so.1 failed: ld.so.1: login: fatal: passwdutil.so.1: open failed: No such file or directory
Dec 22 18:25:51 rel4gold_sam_1_7_1 login: load_modules: can not open module /usr/lib/security/pam_authtok_get.so.1
Ping is working properly. Do you have any ideea how can i fix this problem?
Thank you.Yeahh, guys!!!
I was trying to establish a two-node cluster using VirtualBox + Solaris x86 + Sun Cluster 3.2. The node where I was running scinstall to configure my cluster environment was rebooting the other node in the end of the configuration process but it was hanging in the "Rebooting node01..." message just because it was not able to establish the cluster.
After see your comments, I changed Solaris x86 to Solaris Express Community Edition and Sun Cluster to Cluster Express and now everything is working fine!
Thanks!
Jansen Sena <[email protected]> -
Hi
we are transitioning from Telnet to the more secure SSH type connection changing to ssh from telnet What i dont know is how this will impact the applications and the interfaces
i dont know how this will impact the following application
SMTP forwarding from SAP.
Interface from WebMethods.
Interface between R/3, BW and CRM
can any one suggest us in thisHi
we are transitioning from Telnet to the more secure SSH type connection changing to ssh from telnet What i dont know is how this will impact the applications and the interfaces
i dont know how this will impact the following application
SMTP forwarding from SAP.
Interface from WebMethods.
Interface between R/3, BW and CRM
can any one suggest us in this -
Question of telnet or SSH to 4500X management port
I configured 4500X management port (Fa1) and I can ping the IP from the network. But when I tried telnet to the port, the switch showed "password required but not set".
I didn't configure any password for VTY. Should it be equivalent to "no login"? If to set or change a password for the management port, where to configure it?
Thanks a lotHi,
Yes, "password" and "login" for the management port should be configured under the "vty" lines.
Best regards,
Antonin -
[Feature Request] Wap321 SSH/Telnet Support
Dear Cisco Developers,
we are facing a problem with your design choice of not to support Telnet/SSH on the Wap321. We bought this Product because it was one of the only Access Points with SSH and Telnet Support.
We need the SSH Support for a script that changes the WPA-psk key of the interface wlan0 on more then 20AP's every Week. Everything was good until we got hold of a new charge which came with firmware version 1.0.1.10.
Changelog:
"Due to security concerns, Telnet and SSH access options are removed in firmware version 1.0.1.10."
So I talked with the German Cisco Small Business Support and he said he will investigate and try to get it to the Second Support tier. Well it never came to that, he called us two days later and said that is was a BUG to Support SSH and Telnet on the WAP321 and it was never designed to be a Feature.
So i guess we have following options:
1.Bring back the SSH Support for the Wap321 in the next Firmware update
2.Provide Firmware version 1.0.0.3
3.Give me a Workaround for my task
So any help would be appreciated and i hope we are not the only ones that would like to see a comeback of this feature.
In hope for comments
Best wish
Fabian Schwarz
(PTA-Support)
PS: Support Ticket was
624972937No Sir I do not.
According to the response from L2:
SSH is only enabled for customer to use it on switches.
Developers normally do not allow SSH (enable or protect with password) for end
user on any Wireless device. Management is done by web interface.
In this particular case SSH was enabled only due to some bugs which were
monitored during first release so it is not meant to be for end user.
Because of particular security risks, SSH is for troubleshooting by developers.
Currently there is no chance that they would issue any official firmware for this as
well as there is a little chance they would create special firmware for just a few
customers.
I am sorry for any inconvenience that this has caused.
Eric Moyers
If you like you can roll the mouse over my picture and get my actual email address and contact me directly. -
Unable to Telnet / SSH to a particular cisco switch
Hello,
I have an unusual issue that I just can't seem to track down. We have a Windows Server 2008 R2 box that is unable to telnet or ssh to one switch in our network.
Server IP: 10.0.0.74
Cisco Switch IP: 10.1.0.7
I am able to access all other switches/routers on the 10.1.0.x network, but not this one. I ping and tracert by ip address and name.
We have a number other servers on our network and they all can access this switch
Example:
a. 10.0.0.73 can telnet/ssh to 10.1.0.7
b. 10.0.0.72 can telnet/ssh to 10.1.0.7
c. 10.0.0.50 can telnet/ssh to 10.1.0.7
d. My workstation (10.0.250.213) can telnet/ssh to 10.1.0.7
If anyone can help with troubleshooting further, I would greatly appreciate it.Thanks for the reply Philippe! Here is the route print
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.2 10.0.0.74 266
10.0.0.0 255.255.0.0 On-link 10.0.0.74 266
10.0.0.74 255.255.255.255 On-link 10.0.0.74 266
10.0.255.255 255.255.255.255 On-link 10.0.0.74 266
10.10.0.0 255.255.0.0 On-link 10.0.0.74 266
10.10.0.74 255.255.255.255 On-link 10.0.0.74 266
10.10.255.255 255.255.255.255 On-link 10.0.0.74 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.74 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.74 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.0.0.2 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Firewall is disabled and there is no active antivirus. Im pretty sure port blocking is not the issue. I am able to ssh and telnet from this box to every other switch/router in our network.
This server has Solarwinds on it and tracks the health of our network (servers, routers, switches, ups, ect.). The only reason we noticed an issue is because it stopped backing up the config for this particular switch. All other switchs/routers
config is backed up to this server every morning at 2:00AM.
With solarwinds, this server is also able to communicate with this switch via snmp / icmp and ping.
Thanks again for the help! -
Transport input telnet ssh help
Hello,
I had two questions about remotely login to switch or router :
1. What is the default setting on switch or router to accept remote login (i.e., telnet or ssh)
2. If i configure...TRANSPORT INPUT TELNET SSH... which one is default and accepted first by switch or router. I mean I know that it will accept both but I want to know that If I configure both to accept then which one has the first priority or by default which one is accepted first, tenet or ssh.
Thanks1) Default settings on all VTYs are "transport input all" --> all the supported protocols, that includes both telnet and ssh.
2) There is no priority level on which one is accepted first. Basically it just listens on both protocols (telnet - tcp/23 and ssh - tcp/22) for remote management.
Here is the command description for your reference:
http://www.cisco.com/en/US/docs/ios/termserv/command/reference/tsv_s1.html#wp1069219
Hope that helps. -
I am unable to telnet or ssh to a router from internet (LAN works fine). I see following in debug logs on the router
*Jun 7 12:19:22: TCP0: state was LISTEN -> SYNRCVD [22 -> <Outside IP removed>(59121)]
*Jun 7 12:19:22: TCP: tcb 85455EE8 connection to <Outside IP removed>:59121, peer MSS 1260, MSS is 516
*Jun 7 12:19:22: TCP: sending SYN, seq 1340633744, ack 114092318
*Jun 7 12:19:22: TCP0: Connection to <Outside IP removed>:59121, advertising MSS 536
*Jun 7 12:19:22: TCP0: RST received, Closing connection
*Jun 7 12:19:22: TCP0: state was SYNRCVD -> CLOSED [22 -> <Outside IP removed>(59121)]
*Jun 7 12:19:22: tcp0: T CLOSED <Outside IP removed>:59121 <Telnet Host IP removed>:22 early close
*Jun 7 12:19:22: TCB 0x85455EE8 destroyed
Is it something to do with mss?
Any help would be greatly appreciated.Hi sajidilyas,
Have you solved the issue?
In my case, It's seems caused by asymetric routing. CMIIW
I'm still waiting for next testing. -
ASR 5000 access list for ssh and telnet
Dears,
how can we apply an access list for telnet and ssh on asr 5k ?
please advise if this is feasible.
thx.Hello Joseph,
Sorry for the delay in response.
To control access to ASR5000 via telnet, other than configuring an ACL, there is a way to disable telnetd by configuring local context.
For example:
config
context local
no server telnetd
#exit
System Administration Guide of the relevant version will give you detailed information in this regard.
Here is the latest system admin guide (for SW version 17): http://www.cisco.com/c/dam/en/us/td/docs/wireless/asr_5000/17-0/PDF/17-ASR5000-Sys-Admin.pdf
You can find other guides here: http://www.cisco.com/c/en/us/support/wireless/asr-5000-series/products-installation-and-configuration-guides-list.html
Hope this helps..
Regards
Aneesh -
No exit: CDE with ssh - telnet is ok
Hi
We use SGD 4.2 on Sol10 Sparc. The CDE Sessions (Solaris Sparc) work great, but when we switch from telnet to ssh as 'connection method', the Sessions remains open after clicking 'exit'. The 'keep launch connection open' is greyed (not changeable) but active for 'connexction method'=SSH.
With 'telnet' the 'exit' works nice.
any ideas ?
Thanks
CarstenVery old problem! Sorry to say.
This is one of the thinks I never was able to solve.
The reason is, that CDE cannot terminat, because a CDE relevent programm is still working.
I have a work-a-round for that: http://www.tbsol.de/de/modules/news/article.php?storyid=61
Maybe you are looking for
-
Dear Friends, I am able to create the Handling Units using BAPI_HU_CREATE but not able to assign the HU to delivery. I can see the HUs are created in VEKP tables correctly. I am using the FM 'HU_ASSIGN_HUS_TO_OBJECT' to assign this to delivery ( LIKP
-
PowerMac G5 Dual 2.0 Chimes but no video
Just received a old PowerPC G5 2.0GHz Dual Processor. When i tried to power it on, the Power LED came on as usual and the G5 chimes, but it didnt display any video on the screen. None of the diagnostic lights display red, heres what i've done - Resea
-
Combo chart - different colors for Bar/Line
Hi, In a combo chart is it possible to have different colors for bar and lines......................In our report- combo charts the intersection of bar/line is NOT visible beacuse of same color.
-
When is new release of Toplink (9.0.3.3) gonna be released?
does anybody know?. this information is necessary to be able to plan a product release to customer. thanks Erdem.
-
I have an ibook and it's running off mac osx 10.4.11 safaria
everytime i try to whatch a video via youtube ect. it freezes and skips how do i fix this without spending any money.