I'm quite new to puTTY and SSH. I am having difficulties connecting to my router using SSH. I am able to connect just fine with Telnet however. Is there any prerequisites needed for SSH? For instance, do I need to install something on my router to let it connect?
Router: Belkin F9K1103. DNS service: Hosting on Norwegian version of domainnameshop.com. I'm in the process of setting up my Pi as a server. SSH Connection Being Refused When I'm Remote, but not Local (Port Forwarding Already Enabled) 0. Raspberry Pi server w/out port forwarding-1. Port forwarding isn't working. Unable to use SSH from internet though it works fine over local network. After pressing return there was a long pause and then it timed out. Suspecting the ping issue was the problem and that the BT Home Hub 3 modem was operating in some sort of stealth mode not readily apparent from searching the advanced settings.
Any feedback will be kindly appreciated.
Model in question: Zyxel p660ru firmware 3.40
C_B
C_BC_B
3 Answers
According to the Release Manual for that router, it's not built in out of the box.
Does this mean for definite that it doesn't support it? Not necessarily. They may release updates for it. Looking at some of the commands they ask you to type in with
telnet
, it seems like it may be running Linux. Can you do an ls
or a pwd
to get paths or files? Maybe the router supports Tomato or DD-WRT, and those two would give you SSH access.To get SSH access though, your router needs to support it, which is usually just an additional service. If you are concerned about having a secure connection from the outside world into it, I'd recommend having a small Linux box (for example, on a Raspberry Pi) running the SSHd daemon, then telnet from that to the router. If you are looking for an encrypted connection from your workstation inside the network to the router, I'd look at figuring out why there are peering eyes on your network.
I realize this may not answer the question, but hopefully it gives you some info, and other ideas of where to look or what to do.
Canadian LukeCanadian Luke18.3k30 gold badges93 silver badges149 bronze badges
Your router must be running an ssh server. This is required for you to connect via SSH. Other than that it should be pretty straight forward. Put in your routers IP address in PuTTY and click 'Connect'.
tbenz9tbenz95,2782 gold badges20 silver badges28 bronze badges
Your router needs to support SSH, and it needs to be enabled (usually disabled by default). Look in your router documentation to see if it's supported and how to enable if so.
Jim G.Jim G.
Not the answer you're looking for? Browse other questions tagged networkingsshputty or ask your own question.
Hi everyone,
I run into an issue of initiating SSH connection to my router from internet. I remember exactly I've added the following commands into my config but sometimes SSH connections are either successful or refused for some reason. Also I noticed that 'crypto key generate rsa' isn't shown up in the running config.
#hostname <Company Name>
#ip domain-name <Company Name>
#crypto key generate rsa (1024 bits)
#aaa new-model
#username <…> privilege 15 secret 0 <…>
#ip ssh version 2
Can everyone please have a look at my configuration below to see what the problem is?
!
! Last configuration change at 03:50:48 UTC Thu Feb 1 2018 by XXXX
! NVRAM config last updated at 03:51:03 UTC Thu Feb 1 2018 by XXXX
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname XXXX
!
boot-start-marker
boot system flash c800-universalk9-mz.SPA.155-3.M4a.bin
boot-end-marker
!
!
security authentication failure rate 3 log
logging buffered 50000
enable secret 5 $1$tr17$qG4EbK/siuNB/r7Mhq/pl.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpn_xauth local
aaa authentication login sslvpn local
aaa authorization network vpn_group local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
!
!
!
!
!
ip dhcp excluded-address 192.168.112.230 192.168.112.254
ip dhcp excluded-address 192.168.112.1 192.168.112.29
!
ip dhcp pool LAN
network 192.168.112.0 255.255.255.0
dns-server 192.168.112.1 8.8.8.8
default-router 192.168.112.1
lease 3
!
!
!
ip domain name XXXX
ip name-server 8.8.8.8
ip inspect WAAS flush-timeout 10
ip inspect name CBAC-FW tcp router-traffic
ip inspect name CBAC-FW udp router-traffic
ip inspect name CBAC-FW icmp router-traffic
ip cef
login block-for 300 attempts 3 within 30
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
chat-script lte ' 'AT!CALL' TIMEOUT 20 'OK'
!
!
!
!
!
cts logging verbose
license udi pid C887VAG-4G-GA-K9 sn FGL2126900H
!
!
username XXXX privilege 15 secret 5 $1$g7DQ$N380o3kv0lpWRArKhkTMQ0
!
!
!
!
!
controller VDSL 0
firmware filename flash:VA_A_39t_B_35j_24m.bin
sra
!
controller Cellular 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
no cdp run
!
track 10 ip sla 1 reachability
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group CCLIENT-VPN
key XXXXX
dns 10.0.0.1
pool VPN-Pool
acl ClientToSiteVPN
max-users 2
crypto isakmp profile vpn-ike-profile-1
match identity group CCLIENT-VPN
client authentication list vpn_xauth
isakmp authorization list vpn_group
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
mode tunnel
!
crypto ipsec profile VPN-Profile-1
set transform-set encrypt-method-1
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
ipv6 address 1111:2222:3333:4444::/64 eui-64
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Cellular0
ip address negotiated
ip access-group AccessFromOutside in
ip nat outside
ip inspect CBAC-FW out
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 2
no peer default ip address
async mode interactive
routing dynamic
!
interface Cellular1
no ip address
encapsulation slip
shutdown
!
interface Ethernet0
ip address dhcp
ip access-group AccessFromOutside in
ip nat outside
ip inspect CBAC-FW out
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface Virtual-Template1 type tunnel
ip unnumbered Cellular0
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN-Profile-1
!
interface Vlan1
ip address 192.168.112.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip local pool VPN-Pool 172.0.0.100 172.0.0.105
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source list LAN interface Ethernet0 overload
ip nat inside source list LAN1 interface Cellular0 overload
ip nat inside source static tcp 192.168.112.2 80 X.X.X.X 81 extendable
ip nat inside source static tcp 192.168.112.7 10255 X.X.X.X 10255 extendable
ip route 0.0.0.0 0.0.0.0 Ethernet0 X.X.X.X track 10
ip route 0.0.0.0 0.0.0.0 Cellular0 5
ip ssh version 2
!
ip access-list extended AccessFromOutside
deny ip host 58.218.198.144 any
permit udp host 27.34.226.242 host X.X.X.X log
permit udp any host 255.255.255.255 eq bootpc log
permit tcp any host X.X.X.X eq 10255 log
permit icmp any any echo-reply
permit icmp any any unreachable
permit icmp any any time-exceeded
permit tcp any any eq 22
permit tcp host Y.Y.Y.Y any eq 81
permit tcp host 122.106.74.156 any eq 81
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
deny ip any any
ip access-list extended ClientToSiteVPN
permit ip 10.0.0.0 0.0.0.255 172.0.0.0 0.0.0.255
permit icmp 10.0.0.0 0.0.0.255 172.0.0.0 0.0.0.255
ip access-list extended LAN
permit ip 192.168.112.0 0.0.0.255 any
deny ip any any
ip access-list extended LAN1
permit ip 192.168.112.0 0.0.0.255 any
deny ip any any
!
ip sla 1
icmp-echo K.K.K.K source-interface Ethernet0
frequency 5
ip sla schedule 1 life forever start-time now
dialer-list 2 protocol ip permit
!
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
banner motd
*********************************
WARNING:
UNAUTHORIZED ACCESS PROHIBITED
*********************************
!
line con 0
script dialer lte
no modem enable
no exec
transport output all
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line 3
script dialer lte
modem InOut
no exec
transport input all
transport output all
rxspeed 100000000
txspeed 50000000
line 8
no exec
rxspeed 100000000
txspeed 50000000
line vty 0 5
exec-timeout 5 0
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server tic.ntp.telstra.net
ntp server toc.ntp.telstra.net
!
end