Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Disable SSH on 796x phones

Status
Not open for further replies.

dulfo666

Technical User
Jan 1, 2007
488
GB
Hope you can help.

We are running CM 7.1 and I need to be able to disable SSH on ALL my phones.

Is there a simple way ?

On CM8 there appears to be a SSH option on the phone config, but I cant find it in CM7.

Paul
 
Is this regarding Cisco phone vulnarability - CVE-2012-5445

I beleive the 79X1 all have the ssh enable. How do we disable it.


Regards

Texasnas
 
SSH is disabled by default in new version of cucm.
To verify:
• Common Phone Profile Configuration (Device > Device Settings > Common Phone Profile).
• Phone Configuration (Device > Phone windows)

SSH Access
Select Enabled to allow access to the SSH Daemon.
Select Disabled to disallow access to the SSH Daemon.
The default is Disabled.


Always test afterwards to make sure ssh is not accessible.

Also realize that this bug/hack requires physical access to the phone as well. So you will have a breach of physical security first, following up with the ssh breach.

For more updated info as cisco is working on a fix, cisco bug id for this is CSCuc83860. Here's a link for it as it gets updated:
 
Thanks. But I am asking about 7.x not 8.x

I can see the option in 8.

 
Sorry didnt catch that on the op. Good question that I don't have an answer for. I'll research that see if I can find an answer. Have you tried to contact tac? 7.X is still supported so that might be your best bet for a quick answer.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top