Saturday, September 17, 2011
How to SSH into a Cisco IP Phone
Here are the steps to let you SSH into a Cisco IP Phone. In this example, the phone model is a 7961.
On the phone’s device page in ccmadmin, scroll down to the Secure Shell Information section and type in a username and password for the Secure Shell User and Secure Shell Password. I simply used cisco and cisco.
Then, scroll down to the bottom and set the SSH Access drop-down box to Enabled. Don’t forget to Save and Apply Config.
Scroll back up to the top of the page and get the phone’s IP address.
Open an SSH session to the phone’s IP address. You will probably get a typical key message window that you will have to accept.
You will then be prompted for another login and password from within your SSH session window. Enter default for the login and user for the password and press Enter. You should then be at a $ dollar sign prompt.
Now that you are in, let’s see what you can do!
IT notes in the margins
Useful notes about IT
Cisco 7941 SSH access
ssh roo@ip password — cisco login: default password: user
SIP Phone> clear
Clears the following, depending on keywords used:
•arp—Clears the Address Resolution Protocol (ARP) cache.
•ethernet—Clears the network statistics.
•ip—Clears the IP statistics.
•malloc—Clears the memory allocation table.
•tcp-stats—Clears the TCP statistics.
SIP Phone> debug
Shows detailed debug output when used with the following keywords:
•arp—Shows debug output for the ARP cache.
•console-stall—Shows debug output for the console-stall driver output mode.
•strlib—Shows debug output for the string library.
•malloc—Shows debug output for memory allocation.
•malloc-table—Enables the population of the memory allocation table. The table can be viewed with the show malloc-table command.
•sk-platform—Shows debug output for the platform.
•flash—Shows debug output for the Flash memory.
•dsp—Shows debug output for DSP accesses.
•vcm—Shows debug output for the voice channel manager (VCM), including tones, ringing, and volume.
•dtmf—Shows debug output for DTMF relay.
•task-socket—Shows socket task debug output.
•lsm—Shows debug output for the Line State Manager.
•fsm—Shows debug output for the Feature State Manager.
•auth—Shows debug output for the SIP authorization state machine.
•fim—Shows debug output for the Feature Interaction Manager.
•gsm—Shows debug output for the Global State Manager.
•cc—Shows debug output for call control.
•cc-msg—Shows debug output for the call control messages.
•error—Shows general error debug output.
•sip-task—Shows debug output for the SIP task.
•sip-state—Shows debug output for the SIP state machine.
•sip-messages—Shows debug output for SIP messaging.
•sip-reg-state—Shows debug output for the SIP registration state machine.
•dns—Shows the DNS command-line interface (CLI) configuration; allows you to clear the cache and set servers.
•config—Shows output for the config system command.
•sntp—Shows debug output for Simple Network Time Protocol (SNTP).
•sntp-packet—Displays full SNTP packet data.
•http—Shows HTTP requests and responses.
•arp-broadcast—Shows ARP broadcast messages.
•xml-events—Shows XML events that are posted to the XML application chain.
•xml-deck—Shows XML requests for XML cards and decks.
•xml-vars—Shows XML content variables.
•xml-post—Shows XML post strings.
SIP Phone> dns
Manipulates the DNS system. The following arguments are used:
•-p—Prints out the DNS cache table.
•-c—Clears out the DNS cache table.
•-s ip-address—Sets the primary DNS server.
•-b ip-address—Sets the first backup server.
SIP Phone> erase protflash
Erases the protocol area of Flash memory. Forces the phone to reset its IP stack and request its configuration files again. This command can be used only if the telnet_level parameter is set to allow privileged commands to be executed.
SIP Phone> exit
Exits the Telnet or console session.
SIP Phone> ping ip-address number packet-size timeout
Sends an Internet Control Message Protocol (ICMP) ping to a network address. You can use a dotted IP address or an alphanumeric address. The number argument specifies how many pings to send; the default value is 5. The packet-size argument defines the size of the packet; you can send any size packet up to 1480 bytes and the default packet size is 100. The timeout argument is measured in seconds and identifies how long to wait before the request times out; the default is 2.
SIP Phone> register
Instructs the Cisco SIP IP phone to register with the proxy server. The keywords and argument are as follows:
option value—Specifies each line as registered or not. Valid entries are 0 (unregistered) and 1 (registered).
line value—Registers the number of lines or specifies a backup proxy. The valid values are from 1 to 6 and backup. For example, if you input register 0 backup, the phone will register to the backup proxy.
SIP Phone> reset
Resets the phone line. This command can be used only if the telnet_level parameter is set to allow privileged commands to be executed.
SIP Phone> show
Shows information about the SIP IP phone. The following keywords are used:
•arp—Displays contents of the ARP cache.
•debug—Shows which debug modes are activated.
•ethernet—Shows the network statistics.
•ip—Displays the IP packet statistics.
•strpool—Shows the string library pool of strings. This command can be used only if the telnet_level parameter is set to allow privileged commands to be executed.
•memorymap—Shows the memory mapping table, including free, used, and wasted blocks.
•dump—Displays a dump of the memory contents. This command can be used only if the telnet_level parameter is set to allow privileged commands to be executed.
•malloctable—Shows the memory allocation table.
•stacks—Shows tasks and buffer lists.
•status—Shows the current phone status, including errors.
•abort_vector—Shows the address of the last recorded abort vector.
•flash—Shows Flash memory information.
•dspstate—Shows the DSP status, including whether the DSP is ready, the audio mode, whether keepalive pending is turned on, and the ringer state.
•rtp—Shows packet statistics for the RTP streams.
•tcp—Shows the status of TCP ports, including the state (listen or closed) and the port number.
•lsm—Shows the current status of the Line Manager control blocks.
•fsm—Shows the current status of the Feature State function control blocks.
•fsmdef—Shows the current status of the default Feature State Manager data control blocks.
•fsmcnf—Shows the current status of the Conference Feature State Manager call control blocks.
•fsmxfr—Shows the current status of the Transfer Feature State Manager transfer control blocks.
•fim—Shows the current status of the Feature Interaction Manager control blocks (interface control blocks and state control blocks).
•gsm—Turns on debugging for vcm, lsm, fim, fsm, and gsm.
•register—Shows the current registration status of SIP lines.
•network—Shows network information, such as phone platform, DHCP server, phone IP address and subnet mask, default gateway, address of the TFTP server, phone MAC address, domain name, and phone name.
•config—Shows the current Flash configuration, including network information, phone label and password, SNTP server address, DST information, time and date format, and input and output port numbers.
•personaldir—Displays the current contents of the personal directory. This command can be used only if the telnet_level parameter is set to allow privileged commands to be executed.
•dialplan—Shows the phone dial plan.
•timers—Shows the current status of the platform timers.
SIP Phone> test
Accesses the remote call test interface, allowing you to control the phone from a remote site. To use this feature, enter the test open command. To prevent use of this feature, enter the test close command. This command can be used only if the telnet_level parameter is set to allow privileged commands to be executed.
The following commands are available:
•test key—When a test session is open, you can simulate key presses using the test key k1 k2 k3…k12 command, where k1 through k13 represent the following key names:
The keys 0 through 9, #, and * may be entered in continuous strings to better express typical dialing strings. A typical command would be test key 23234.
•test onhook—Simulates a handset onhook event.
•test offhook—Simulates a handset offhook event.
•test show—Shows test feedback.
•test hide—Hides test feedback.
SIP Phone> tty
Controls the Telnet system. The arguments and keywords are as follows:
•echo—Controls local echo.
•mon—Sends all debug output to both the console and Telnet sessions.
•timeout value—Sets the Telnet session timeout period based on the value. The value range is from 0 to 65535.
•kill session—Tears down the Telnet session specified by the session argument.
•msg—Send a message to another terminal logged into the phone; for example, you can send a message telling everyone else that is logged in to log off.
SIP Phone> traceroute ip-address [ttl]
Initiates a traceroute session from the console or from a Telnet session. Traceroute shows the route that IP datagrams follow from the SIP IP phone to the specified IP address. The arguments are as follows:
•ip-address—The dotted IP address or alphanumeric address (host name) of the host to which you are sending the traceroute.
•ttl—The time-to-live value, or the number of routers (hops) through which the datagram can pass. The default value is 30.
Secure Shell Configuration Guide, Cisco IOS Release 15M&T
Chapter: SSH Terminal-Line Access
The SSH Terminal-Line Access feature provides users secure access to tty (text telephone) lines. tty allows the hearing- and speech-impaired to communicate by using a telephone to type messages.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for SSH Terminal-Line Access
Download the required image to your router. The secure shell (SSH) server requires the router to have an IPSec (Data Encryption Standard (DES) or 3DES) encryption software image from Cisco IOS Release 12.1(1)T or a later release. The SSH client requires the router to have an IPSec (DES or 3DES) encryption software image from Cisco IOS Release 12.1(3)T or a later release. See the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4T for more information on downloading a software image.
The SSH server requires the use of a username and password, which must be defined through the use of a local username and password, TACACS+, or RADIUS.
The SSH Terminal-Line Access feature is available on any image that contains SSH.
Restrictions for SSH Terminal-Line Access
Console Server Requirement
To configure secure console server access, you must define each line in its own rotary and configure SSH to use SSH over the network when users want to access each of those devices.
Memory and Performance Impact
Replacing reverse Telnet with SSH may reduce the performance of available tty lines due to the addition of encryption and decryption processing above the vty processing. (Any cryptographic mechanism uses more memory than a regular access.)
Information About SSH Terminal-Line Access
Overview of SSH Terminal-Line Access
Cisco IOS supports reverse Telnet, which allows users to Telnet through the router—via a certain port range—to connect them to tty (asynchronous) lines. Reverse Telnet has allowed users to connect to the console ports of remote devices that do not natively support Telnet. However, this method has provided very little security because all Telnet traffic goes over the network in the clear. The SSH Terminal-Line Access feature replaces reverse Telnet with SSH. This feature may be configured to use encryption to access devices on the tty lines, which provide users with connections that support strong privacy and session integrity.
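The console server requirement and the reverse Telnet weakness described above can be checked against a saved running-config. The following Python audit is an added example, not part of the Cisco guide: the function name `audit_tty_lines` and the sample configuration are constructed for illustration, and it assumes the IOS commands `rotary`, `transport input` and `ip ssh port <port> rotary <low> [<high>]`.

```python
import re

# Constructed running-config (not from the page): line 1 is migrated to SSH,
# line 2 still accepts Telnet, lines 3-4 share a rotary with no SSH port mapped.
SAMPLE_CONFIG = """\
ip ssh port 2001 rotary 1 2
line 1
 no exec
 rotary 1
 transport input ssh
line 2
 rotary 2
 transport input telnet ssh
line 3 4
 rotary 5
 transport input ssh
line vty 0 4
 transport input ssh
"""

def audit_tty_lines(config):
    """Return {line header: [findings]} for numbered (tty) line blocks."""
    mapped, blocks, current = set(), {}, None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"ip ssh port \d+ rotary (\d+)(?: (\d+))?$", text)
        if m:  # "ip ssh port P rotary LOW [HIGH]" maps a range of rotary groups
            mapped.update(range(int(m[1]), int(m[2] or m[1]) + 1))
        if not raw.startswith(" "):         # any top-level command ends a block
            current = None
            if re.match(r"line \d", text):  # skips "line con/aux/vty"
                current = blocks.setdefault(text, {"rotary": None, "transport": set()})
        elif current is not None and text.startswith("rotary "):
            current["rotary"] = int(text.split()[1])
        elif current is not None and text.startswith("transport input "):
            current["transport"] = set(text.split()[2:])
    report = {}
    for header, blk in blocks.items():
        issues = []
        if blk["transport"] & {"telnet", "all"}:
            issues.append("Telnet still accepted")
        if blk["rotary"] is None:
            issues.append("no rotary group")
        elif blk["rotary"] not in mapped:
            issues.append("rotary %d has no 'ip ssh port' mapping" % blk["rotary"])
        if len(header.split()) > 2:
            issues.append("line range shares one rotary")
        report[header] = issues
    return report
```

An empty findings list means the line is reachable only over SSH through its own rotary group; any other result points at a line that still needs migrating from reverse Telnet.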
SSH is an application and a protocol that provides secure replacement for the suite of Berkeley r-tools such as rsh, rlogin, and rcp. (Cisco IOS supports rlogin.) The protocol secures the sessions using standard cryptographic mechanisms, and the application can be used similarly to the Berkeley rexec and rsh tools. Currently two versions of SSH are available: SSH Version 1 and SSH Version 2. Only SSH Version 1 is implemented in the Cisco IOS software.
The SSH Terminal-Line Access feature enables users to configure their router with secure access and perform the following tasks:
Connect to a router that has multiple terminal lines connected to consoles or serial ports of other routers, switches, or devices.
Simplify connectivity to a router from anywhere by securely connecting to the terminal server on a specific line.
Allow modems attached to routers to be used for dial-out securely.
Require authentication of each of the lines through a locally defined username and password, TACACS+, or RADIUS.