3 Replies Latest reply on Nov 3, 2015 12:22 PM by CourtesyIT

    Telnet and SSH Report

    mcantrell

      Is there a report or an easy way to view what devices have telnet or ssh enabled? I need to go through 100 Cisco switches and disable telnet and enable ssh on them. I would like to find a way to script this so I don't have to do them one by one.

       

      Thanks

        • Re: Telnet and SSH Report
          cjfranca

          I do not know if you have a ready report. But you can create a query and direct the base.
          The names of the variables are in the NPM manual in the last pages.

          Your DBA can help you to create this report.


          • Re: Telnet and SSH Report
            Craig Norborg

            Well, there are a few things to keep in mind. First, not all Cisco devices have the ability to do SSH.   On newer devices you can see this by which devices have K9 in their IOS image name; older devices use "K2" in the name.   I've heard some devices might have "56i" instead of either K2/K9 too...

             

            You can figure out which ones will/won't support this by going into NCM's "Configuration Management" screen and telling it to "Group By" "OS Image".   I will usually set multiple levels of grouping by, the first being "Vendor" and the second "Machine Type", but the key here is really the "OS Image".

             

            You could then use the Compliance Report section of Solarwinds to create a report that looks for "ip ssh version 2" and whether or not the VTY's have "transport input ssh" on them.  I'd do a config block on the VTY's to avoid it missing any of them or flagging false positives.  I use the rule in the picture below.

             

            *Note that you could use a "run script on each block" in this case and just do the "transport input ssh", but I figured the heavy handed approach is just as easy.   By using the config blocks, even if you have something funky like this it will still work.   Also, some devices only have vty's 0 through 4 and not 5 through 15, the config block approach will adapt to this, while doing a static block doesn't.

             

            line vty 0 4
             exec-timeout 15 0
             logging synchronous
             transport input telnet ssh
            line vty 6
             exec-timeout 30 0
             logging synchronous
             transport input telnet ssh
            line vty 7 8
             exec-timeout 45 0
             logging synchronous
            line vty 9 15
             exec-timeout 15 0
             logging synchronous

             

            vty_access.jpg

            1 of 1 people found this helpful
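The per-block check described in the reply above can also be run offline against saved configs. The following is an added example, not part of the original post and not SolarWinds' own rule logic; the function names and the "ip ssh version 2" line in the sample are assumptions, and the VTY layout is the one quoted in the post.

```python
import re

# Constructed sample: the VTY layout from the post plus a global SSH line (assumed).
SAMPLE_CONFIG = """\
ip ssh version 2
line vty 0 4
 exec-timeout 15 0
 logging synchronous
 transport input telnet ssh
line vty 6
 exec-timeout 30 0
 logging synchronous
 transport input telnet ssh
line vty 7 8
 exec-timeout 45 0
 logging synchronous
line vty 9 15
 exec-timeout 15 0
 logging synchronous
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' block, whatever its range."""
    header, body = None, []
    for raw in (l for l in config.splitlines() if l.strip()):
        if not raw[0].isspace():  # unindented line: a new top-level command
            if header:
                yield header, body
            header = raw.strip() if raw.startswith("line vty") else None
            body = []
        elif header:
            body.append(raw.strip())
    if header:
        yield header, body

def audit(config):
    """Return a list of findings; an empty list means the config passes."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' missing")
    for header, body in vty_blocks(config):
        transports = [c for c in body if c.startswith("transport input")]
        if transports != ["transport input ssh"]:  # must be stated, and SSH only
            findings.append(f"{header}: {transports[0] if transports else 'no transport input line'}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Because the blocks are discovered from the config rather than hard-coded, devices with only vty 0 through 4 and devices with split ranges are handled the same way.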
            • Re: Telnet and SSH Report
              CourtesyIT

              This report may also be of use for you.

               

              STIG-V8R19-CSCO-OS-L2SW - SSH

               

              It will cover more SSH requirements for you other than just looking at the Line VTY ports.