SSH with Cisco router and Linux

TiziteLayinLow

Senior member
Aug 18, 2003
I have a Cisco 831 router with my Road Runner connection. I also have a Linux box that I plan on using for an email server, HTTP server and SFTP server. I want to have remote console access to this Linux box as well as SSH to the Cisco router to check loads and reliability on the Cisco router.

Anyways, I have my router able to SSH in remotely with my ACL. I have the SSH daemon turned on on the Linux box as well. When I log in to the router and then try to access the Linux box, the password field comes up, but the correct password just prompts for a password still for the 3 attempts and then logs out.

I'm not that familiar with the RSA keys that are used for authentication in SSH. I have a feeling the problem lies in there, but I don't know exactly where.

Any ideas?

Thanks guys,
Matt Enderle

n0cmonkey

Elite Member
Jun 10, 2001
If you have it set to password authentication, RSA/DSA keys won't come into play. They're another authentication method. :)

So your SSH daemon (which one are you using?) is not accepting the password?

Is this the SSH daemon on the Cisco or the Linux machine?

Are you trying to SSH from the Cisco into the Linux machine? I'd consider that a bit backwards. Why not forward port 22 from the outside to the Linux machine, and set the Cisco SSH daemon to listen on the internal interface only or on a different port? Then you can SSH into the Linux machine, screen it, and access the Cisco just fine. ;)

Nothinman

Elite Member
Sep 14, 2001
Most likely the SSH client is only doing SSH v1 and your Linux box is set up to only allow SSH v2. SSH v1 is not a good idea to use, but it's better than telnet if that's the only option Cisco gives you.

Also like n0c was saying, if you can change the port that the Cisco SSH daemon listens on and forward 22 to the Linux box it would probably work better and be more secure since you wouldn't be using SSH v1 over the Internet.

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: Nothinman
Most likely the SSH client is only doing SSH v1 and your Linux box is set up to only allow SSH v2. SSH v1 is not a good idea to use, but it's better than telnet if that's the only option Cisco gives you.

Also like n0c was saying, if you can change the port that the Cisco SSH daemon listens on and forward 22 to the Linux box it would probably work better and be more secure since you wouldn't be using SSH v1 over the Internet.

I haven't checked recently, but OpenSSH falls back to v1 if v2 isn't available. I usually modify the config to keep this from happening though.
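Nothinman's and n0cmonkey's replies both turn on which SSH protocol versions each end actually supports. The script below is an added example, not code from anyone in this thread: it interprets the identification string an SSH server sends on connect (RFC 4253 section 4.2; the legacy value "1.99" means the server offers both v1 and v2), checks whether a client limited to one version could negotiate with that server, and reads the `Protocol` directive from an sshd_config. The banner strings and config text are constructed samples; `grab_banner` is the only part that touches the network and is an assumed helper for checking a real host.

```python
import re
import socket

# RFC 4253 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def parse_banner(line: str) -> dict:
    """Parse an SSH identification string and report the versions it advertises."""
    line = line.rstrip("\r\n")
    m = _BANNER_RE.match(line)
    if not m:
        raise ValueError(f"not an SSH identification string: {line!r}")
    proto = m.group("proto")
    if proto == "1.99":
        versions = (1, 2)          # legacy marker: server speaks both v1 and v2
    elif proto.startswith("2."):
        versions = (2,)
    elif proto.startswith("1."):
        versions = (1,)
    else:
        versions = ()
    return {"proto": proto, "software": m.group("software"), "versions": versions}


def client_can_connect(client_versions, banner: str) -> bool:
    """True if a client restricted to client_versions shares a version with the server."""
    return bool(set(client_versions) & set(parse_banner(banner)["versions"]))


def sshd_allowed_versions(config_text: str):
    """Versions permitted by an sshd_config 'Protocol' line, or None if unset.

    The Protocol directive only exists in OpenSSH releases that still include v1;
    modern servers are v2-only and ignore or reject it.
    """
    for raw in config_text.splitlines():
        stripped = raw.split("#", 1)[0].strip()
        if not stripped:
            continue
        parts = stripped.split(None, 1)
        if parts[0].lower() == "protocol" and len(parts) == 2:
            return {int(v) for v in parts[1].split(",") if v.strip()}
    return None


def grab_banner(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Read the server's identification line from a live host (assumed helper)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = b""
        while not data.endswith(b"\n") and len(data) < 255:
            chunk = s.recv(1)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", "replace")


if __name__ == "__main__":
    # Constructed sample banners: a v2-only OpenSSH, a dual-version OpenSSH, a v1-only client.
    samples = ["SSH-2.0-OpenSSH_3.9p1\r\n", "SSH-1.99-OpenSSH_3.9p1\r\n", "SSH-1.5-Example-1.0\r\n"]
    for b in samples:
        print(b.strip(), "->", parse_banner(b)["versions"])
    # Constructed sshd_config fragment: the setting that would reject a v1-only client.
    print("Protocol 2 allows:", sshd_allowed_versions("# sample\nProtocol 2\nPort 22\n"))
    print("v1-only client vs v2-only server:", client_can_connect((1,), samples[0]))
```

If the server banner starts with "SSH-2.0" and the client only speaks v1, the session fails before any password is checked; loosening the server with `Protocol 2,1` makes the connection work but exposes v1 over the Internet, which is the trade-off Nothinman points out.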

TiziteLayinLow

Senior member
Aug 18, 2003
OK, I'm not that familiar with firewalls/ACLs in Cisco yet (it's next week's discussion in class, lol), but yeah, that sounds OK to have 2 services set up like that. I just didn't want my Linux box SSH available over the Internet. This way they would have to authenticate through 2 layers, in a way. **Plus it's kinda cool to log in to one, then to another, lol**

I want my emails very secure, which is another whole process I'm going to have to get down pat: an email daemon on the Linux box. I'm planning on running Fedora Core 3 if their servers ever let me download the ISOs.

Anyways, thanks for your help. I'm going to go Google for port forwarding from the Cisco CLI.

Thanks again,
Matt Enderle