Tags: ,


Forum Replies

  1. Hi Rene,

    I have always done this using the command:

    ip http secure-server

    And then:

    control-plane host
      management-interface FastEthernet0/0 allow ftp https ssh tftp snmp
    

    And:

    transport input ssh

    I tried it the way you show by generating the crypto key as you have shown above and using the control-plane host lines and it seems to achieve the same results without specifying transport input ssh on the VTY lines. You can only SSH into the router. Is this achieving the same end? The only difference I can see by using your method and issuing a sh run is you don’t

    ... Continue reading in our forum

  2. Hello Matt!

    The way that you implement your configuration achieves something similar, but not exactly the same as that which Rene has done in his example.

    Rene’s example applies SSH on the VTY line. This means that you can connect to the device via SSH from any of its interfaces to the VTY connections. In your configuration, you are binding the ssh configuration only to the management interface. This of course is a legitamite configuration assuming you only apply out of band management, and if it works for you that’s great.

    Also, in your configuration the ip

    ... Continue reading in our forum

  3. Hello,

    is it possible to add to this lesson how to configures ssh authentication based on ssh keys ?

    And I assume, that this procedure is the same on routers and L3 switches.

    Peter

  4. Hello Petr

    That’s a great idea. I will convey it to Rene to see if that can be added.

    Thanks!

    Laz

5 more replies! Ask a question or join the discussion by visiting our Community Forum