[asterisk-users] ssh to a Cisco 7961 is not working

Vladimir Mikhelson vlad at mikhelson.com
Mon Jan 16 02:14:11 CST 2012 

Ken,

Thank you for posting the details.  The method worked perfectly.

I was about to give up on connecting via SSH to manually provisioned
Cisco phones.

Thank you,
Vladimir


On 1/15/2012 8:52 PM, Ken Alker wrote:
> Flavio,
>
> Thank you for pointing this out!  I was using the reference
> "Configuring Settings on the Cisco Unified IP Phone" and it spoke
> nothing of SSH so I ASSuMEd that meant Cisco wasn't acknowledging the
> ability for the phone to do SSH.  Your research set me on the proper
> path.  It turns out there are now (with current firmware) a couple of
> variables that must be added to the XML file.  For anyone else
> struggling with this problem, here are two links referencing the
> necessary modification (the second is not in English but is the only
> example of a complete XML file that I found):
>
> <http://stackoverflow.com/questions/7148543/cisco-7945-sip-and-sip-notify-problem>
>
> <http://arbeitsplatzvernichtung-durch-outsourcing.de/marty44/fritzcisco7970.html>
>
>
> The bottom line is that I had to add the following to the
> <vendorConfig> section (and reboot a couple of times):
> <sshAccess>0</sshAccess>
> <sshPort>22</sshPort>
>
> Thanks again,
> Ken
> Impulse Internet Services
> http://www.impulse.net
>
> --On January 15, 2012 8:03:30 PM -0200 Flavio Miranda
> <flaviormiranda at hotmail.com> wrote:
>
>>
>> Ken,
>>
>> According with cisco docs, ssh is disable by default:
>>
>> http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/firmware/9_2_1/engli
>>
>> sh/release/notes/7900_921.html
>>
>> SSH Access
>>
>> The SSH Access settings option allows the administrator to enable or
>> disable the SSH port on the phone using Cisco Unified CM Administration.
>> When enabled, it allows the phone to accept the SSH connections.
>> Disabling the SSH server functionality of the phone blocks the SSH
>> access
>> to the phone. This setting is disabled by default.
>>
>> This feature is supported on the following Cisco Unified IP Phones (SCCP
>> and SIP):
>>
>> • [Image: "height="] Cisco Unified IP Phone 7906G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7911G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7931G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7941G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7941G-GE
>>
>> • [Image: "height="] Cisco Unified IP Phone 7942G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7945G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7961G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7961G-GE
>>
>> • [Image: "height="] Cisco Unified IP Phone 7962G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7965G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7970G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7971G
>>
>> • [Image: "height="] Cisco Unified IP Phone 7975G
>>
>>
>>
>>
>>
>>
>>
>>
>> Att,
>>
>> Flavio Roberto Miranda
>> MSN:flaviormiranda at hotmail.com
>> Skype: flaviormiranda
>>
>>
>>
>>> Date: Sun, 15 Jan 2012 13:32:36 -0800
>>> From: ken at impulse.net
>>> To: asterisk-users at lists.digium.com
>>> Subject: Re: [asterisk-users] ssh to a Cisco 7961 is not working
>>>
>>> Flavio,
>>>
>>> Thank you for your response. According to various wiki's (voip-info.org
>>> included), the 7961 is supposed to accept SSH connections (and in fact,
>>> many people recommend this for debugging, but what I often see is "just
>>> connect via SSH" as if it should simply work; I haven't run across any
>>> data  indicating people have had problems connecting via ssh as I
>>> am). I
>>> must  assume that either the wiki's are wrong (doubtful, but possible),
>>> or Cisco  deactivated ssh in this firmware build, or I need to alter a
>>> setting in my  SEP*.cnf.xml file or on the phone itself; but I don't
>>> know what that would  be. As per below, I've defined an ssh userid and
>>> password via the xml file.
>>>
>>> --On January 15, 2012 10:20:06 AM -0200 Flavio Miranda
>>> <flaviormiranda at hotmail.com> wrote:
>>>
>>> >
>>> > Ken,
>>> >
>>> > Does your phone is realy able to accept ssh connection? I mean ,
>>> it is
>>> > set up for it ? As we can see in the log, it is sending reset to the
>>> > ssh client.
>>> >
>>> > 10.0.0.155 10.0.0.172 TCP 60 ssh > 57665 [RST, ACK] Seq=1
>>> >
>>> > look like it is not accepting ssh connections.
>>> >
>>> >
>>> >
>>> > Att,
>>> >
>>> > Flavio Roberto Miranda
>>> > MSN:flaviormiranda at hotmail.com
>>> > Skype: flaviormiranda
>>> >
>>> >
>>> >
>>> >> Date: Sun, 15 Jan 2012 01:06:34 -0800
>>> >> From: ken at impulse.net
>>> >> To: asterisk-users at lists.digium.com
>>> >> Subject: [asterisk-users] ssh to a Cisco 7961 is not working
>>> >>
>>> >> I am trying to ssh to my Cisco 7961 VoIP phone (computer and
>>> phone on
>>> >> the same LAN and switch) but I always get a "connection refused". I
>>> >> have tried from my desktop and a laptop running different OS's. I
>>> have
>>> >> tried "ssh 10.0.0.155" and "ssh cisco at 10.0.0.155" from a command
>>> >> prompt. Here are the results from sniffing via Wireshark:
>>> >>
>>> >> 11038 2272.240571 10.0.0.172 10.0.0.155 TCP 78 57665 > ssh [SYN]
>>> Seq=0
>>> >> Win=65535 Len=0 MSS=1460 WS=8 TSval=963558895 TSecr=0 SACK_PERM=1
>>> >> 11039 2272.240681 10.0.0.172 10.0.0.155 TCP 78 57665 > ssh [SYN]
>>> Seq=0
>>> >> Win=65535 Len=0 MSS=1460 WS=8 TSval=963558895 TSecr=0 SACK_PERM=1
>>> >> 11046 2272.241550 10.0.0.155 10.0.0.172 TCP 60 ssh > 57665 [RST,
>>> ACK]
>>> >> Seq=1 Ack=1 Win=8192 Len=0
>>> >> 11047 2272.241554 10.0.0.155 10.0.0.172 TCP 60 ssh > 57665 [RST,
>>> ACK]
>>> >> Seq=1 Ack=1 Win=8192 Len=0
>>> >>
>>> >> I don't know why everything is duplicated, but I'm not very
>>> proficient
>>> >> at Wireshark.
>>> >>
>>> >> Here is a snippet from my SEP*cnf.xml file:
>>> >> <sshUserId>cisco</sshUserId>
>>> >> <sshPassword>cisco</sshPassword>
>>> >>
>>> >> Can anyone offer any help/suggestions?
>>> >>
>>> >> Thank you!
>>> >> Ken Alker
>>> >> Impulse Internet Services
>>> >> http://www.impulse.net
>>> >>
>>> >>
>>> >> --
>>> >>
>>> _____________________________________________________________________
>>> >> -- Bandwidth and Colocation Provided by
>>> http://www.api-digital.com --
>>> >> New to Asterisk? Join us for a live introductory webinar every
>>> Thurs:
>>> >> http://www.asterisk.org/hello
>>> >>
>>> >> asterisk-users mailing list
>>> >> To UNSUBSCRIBE or update options visit:
>>> >> http://lists.digium.com/mailman/listinfo/asterisk-users
>>> >
>>>
>>>
>>>
>>>
>>>
>>> -- 
>>> _____________________________________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>> http://www.asterisk.org/hello
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
>
>
> -- 
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list