Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSH to Router, but different authentication on different VTY Lines

Status
Not open for further replies.

runlikeanantelope

IS-IT--Management
Aug 26, 2005
26
US
I want to do the following:

1) Allow users to ssh to line vty 3 using an authentication method that queries an external RADIUS server

2) Allow a script to ssh to line vty 4 using local authentication that queries the local database

What is the command I type to ssh to vty 0 3 vs. vty 4? I tried to setup rotary groups and ssh using this command but it does not work:

ssh -l username routername -p 3001

Here is my config:

line vty 0 2
access-class 1 in
exec-timeout 60 0
password x
transport input telnet
line vty 3
access-class 1 in
exec-timeout 60 0
privilege level 15
password x
authorization exec RADIUS
login authentication RADIUS
transport input ssh
line vty 4
access-class 1 in
exec-timeout 60 0
privilege level 15
password X
authorization exec RADIUS
login authentication LOCAL
transport input telnet ssh
 
im pretty sure vtys are luck of the draw and that you cannot choose which vty you will be connecting too..
 
Yes, I've tried to setup the rotary groups and every document I find refers to using the rotary groups for telnet, but not SSH.

I have a feeling it is just in the syntax that I'm entering. I've opened a TAC case with Cisco.
 
I found that if I set Rotary 1 on VTY 3 and Rotary 2 on VTY 4 and change the transport input to:

transport ssh telnet

I can issue this command and it will point me to the VTY line I'm trying to connect on:

telnet routername 3001 or
telnet routername 3002

Where, 3001 is Rotary 1 and 3002 is Rotary 2....

So, what is the equivalent SSH command??????????????
 
On the link I posted it mentions the command

ip ssh port 2001 rotary 1

I assume this is what you are looking for, although I have no way of testing this until tomorrow.

HTH

Andy
 
I think the problem appears to be the IOS I'm running. I'm only running 12.2(18)SXE and the "ip ssh port xxxx" command was not introduced until 12.3.

But, yes, I believe that command is the right way to go.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top