ssh to a Cisco 7961 is not working

Home » Asterisk Users » ssh to a Cisco 7961 is not working
Asterisk Users 5 Comments

I am trying to ssh to my Cisco 7961 VoIP phone (computer and phone on the
same LAN and switch) but I always get a “connection refused”. I have tried
from my desktop and a laptop running different OS’s. I have tried “ssh″ and “ssh cisco@” from a command prompt. Here are the
results from sniffing via Wireshark:

11038 2272.240571 TCP 78 57665 > ssh [SYN] Seq=0
Win=65535 Len=0 MSS=1460 WS=8 TSval=963558895 TSecr=0 SACK_PERM=1
11039 2272.240681 TCP 78 57665 > ssh [SYN] Seq=0
Win=65535 Len=0 MSS=1460 WS=8 TSval=963558895 TSecr=0 SACK_PERM=1
11046 2272.241550 TCP 60 ssh > 57665 [RST, ACK] Seq=1
Ack=1 Win=8192 Len=0
11047 2272.241554 TCP 60 ssh > 57665 [RST, ACK] Seq=1
Ack=1 Win=8192 Len=0

I don’t know why everything is duplicated, but I’m not very proficient at

Here is a snippet from my SEP*cnf.xml file:

Can anyone offer any help/suggestions?

Thank you!
Ken Alker
Impulse Internet Services

5 thoughts on - ssh to a Cisco 7961 is not working

  • Ken,

    Does your phone is realy able to accept ssh connection? I mean , it is set up for it ? As we can see in the log, it is sending reset to the ssh client. TCP 60 ssh > 57665 [RST, ACK] Seq=1

    look like it is not accepting ssh connections.

  • Flavio,

    Thank you for your response. According to various wiki’s (
    included), the 7961 is supposed to accept SSH connections (and in fact,
    many people recommend this for debugging, but what I often see is “just
    connect via SSH” as if it should simply work; I haven’t run across any data
    indicating people have had problems connecting via ssh as I am). I must
    assume that either the wiki’s are wrong (doubtful, but possible), or Cisco
    deactivated ssh in this firmware build, or I need to alter a setting in my
    SEP*.cnf.xml file or on the phone itself; but I don’t know what that would
    be. As per below, I’ve defined an ssh userid and password via the xml file.

  • Ken,

    According with cisco docs, ssh is disable by default:

    SSH Access

    SSH Access settings option allows the administrator to enable or disable
    the SSH port on the phone using Cisco Unified CM Administration. When
    enabled, it allows the phone to accept the SSH connections. Disabling
    the SSH server functionality of the phone blocks the SSH access to the
    phone. This setting is disabled by default.

    This feature is supported on the following Cisco Unified IP Phones (SCCP and SIP):

    •Cisco Unified IP Phone 7906G

    •Cisco Unified IP Phone 7911G

    •Cisco Unified IP Phone 7931G

    •Cisco Unified IP Phone 7941G

    •Cisco Unified IP Phone 7941G-GE

    •Cisco Unified IP Phone 7942G

    •Cisco Unified IP Phone 7945G

    •Cisco Unified IP Phone 7961G

    •Cisco Unified IP Phone 7961G-GE

    •Cisco Unified IP Phone 7962G

    •Cisco Unified IP Phone 7965G

    •Cisco Unified IP Phone 7970G

    •Cisco Unified IP Phone 7971G

    •Cisco Unified IP Phone 7975G

  • Flavio,

    Thank you for pointing this out! I was using the reference “Configuring
    Settings on the Cisco Unified IP Phone” and it spoke nothing of SSH so I
    ASSuMEd that meant Cisco wasn’t acknowledging the ability for the phone to
    do SSH. Your research set me on the proper path. It turns out there are
    now (with current firmware) a couple of variables that must be added to the
    XML file. For anyone else struggling with this problem, here are two links
    referencing the necessary modification (the second is not in English but is
    the only example of a complete XML file that I found):

    The bottom line is that I had to add the following to the
    section (and reboot a couple of times):

    Thanks again,
    Impulse Internet Services

  • Ken,

    Thank you for posting the details. The method worked perfectly.

    I was about to give up on connecting via SSH to manually provisioned
    Cisco phones.

    Thank you,