Disable SSH on 796x phones

[dulfo666]

Hope you can help.

We are running CM 7.1 and I need to be able to disable SSH on ALL my phones.

Is there a simple way ?

On CM8 there appears to be a SSH option on the phone config, but I cant find it in CM7.

Paul

 

[texasnas]

Is this regarding Cisco phone vulnarability - CVE-2012-5445

I beleive the 79X1 all have the ssh enable. How do we disable it.


Regards

Texasnas

 

[whykap]

SSH is disabled by default in new version of cucm.
To verify:
• Common Phone Profile Configuration (Device > Device Settings > Common Phone Profile).
• Phone Configuration (Device > Phone windows)

SSH Access
Select Enabled to allow access to the SSH Daemon.
Select Disabled to disallow access to the SSH Daemon.
The default is Disabled.


Always test afterwards to make sure ssh is not accessible.

Also realize that this bug/hack requires physical access to the phone as well. So you will have a breach of physical security first, following up with the ssh breach.

For more updated info as cisco is working on a fix, cisco bug id for this is CSCuc83860. Here's a link for it as it gets updated:

http://tools.cisco.com/Support/BugT...ls.do?method=fetchBugDetails&bugId=CSCuc83860

 

[dulfo666]

Thanks. But I am asking about 7.x not 8.x

I can see the option in 8.

 

[whykap]

Sorry didnt catch that on the op. Good question that I don't have an answer for. I'll research that see if I can find an answer. Have you tried to contact tac? 7.X is still supported so that might be your best bet for a quick answer.

 

[whykap]

Take a look at this post. It might help.

https://supportforums.cisco.com/thread/2099658