Tuesday, December 7, 2010

No free VTYs

So, I was working on a Nagios event handler to issue a NAT clear command to a Cisco router (half-baked IPSec VPN box issues, fail), and even though I had configured all of the rcmd stuff properly in IOS and locked it down so that only the Nagios server had access, it still didn't work. On the server side, when I issued the command I would get a single line of output:

No free VTYs.

So, I went back to the router and turned on 'debug ip tcp rcmd' and noticed that the rsh authentication (if you can call it that) was working, but after accepting the command from the rsh client (the router sends 'OK' to the client), the router immediately followed up by sending '' to the client. OK, so let's look at the VTY line config.

All of my default VTYs are set up with 'transport input ssh' because I don't use telnet where I have the choice to use SSH. I changed that to 'transport input rlogin ssh' and had no luck. Finally, I changed it to 'transport input ssh telnet' and bingo, the rcmd was working like a champ. I then removed the telnet option from my main access lines and defined a new line, telnet only, with a much more restrictive access-class limited to the server running Nagios.
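Here is what that final arrangement looks like as IOS config, added here as an illustration and not copied from the original post: the VTY numbers, the ACL numbers, the Nagios host address 192.0.2.10 and the usernames are assumed placeholders.

```cisco
! Constructed example: rsh from a Nagios host to a Cisco IOS router,
! with a dedicated telnet-only VTY that only the Nagios server can reach.
! Addresses, line numbers, ACL numbers and usernames are placeholders.

! Only the Nagios server may open the line that rsh lands on
access-list 10 remark rsh/rcmd from the Nagios server only
access-list 10 permit host 192.0.2.10
access-list 10 deny   any log

! Normal admin access, e.g. the management network (assumed 192.0.2.0/24)
access-list 20 remark interactive SSH admin access
access-list 20 permit 192.0.2.0 0.0.0.255
access-list 20 deny   any log

! rsh is accepted only from the Nagios host, mapped to a local user.
! rsh trusts the client's claimed username plus its source address, so
! the access-class on the line below is the control that actually matters.
ip rcmd rsh-enable
ip rcmd remote-host nagios 192.0.2.10 nagios enable

! Interactive admin lines: SSH only, as before
line vty 0 4
 transport input ssh
 access-class 20 in
 exec-timeout 10 0

! Extra line reserved for rcmd: telnet transport (rsh needs it), but
! reachable only from the Nagios server because of the access-class
line vty 5
 transport input telnet
 access-class 10 in
 exec-timeout 1 0
```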