1

I have a reverse SSH server on a Cisco router (which runs the IOS operating system), and it listens on port 2001:

C1841#sh control-plane host open-ports 
Active internet connections (servers and established)
Prot               Local Address             Foreign Address                  Service    State
 tcp                        *:22                         *:0               SSH-Server   LISTEN
 tcp                        *:23                         *:0                   Telnet   LISTEN
 tcp                      *:2001                         *:0               SSH-Server   LISTEN

C1841#

In other words, if I connect to port 2001 (ssh 10.10.10.2 -l root -p 2001), then I'm able to access the RS-232 console port of another device which is connected to the AUX port of the router. However, instead of ssh 10.10.10.2 -l root -p 2001 I can simply execute ssh root:1@10.10.10.2. This feature is also described in this blog post. Am I correct that this is not a feature of the OpenSSH client, but that instead Cisco IOS parses the username in such a way that the integer after the colon is taken as a line number (line number 1 is usually the AUX port in IOS)?

Martin
  • 7,516

1 Answer

2

This is simply a feature of the Cisco SSH server implementation; it parses the user name, and if it contains a :[0-9]+ component then it understands it has to connect the session to the console port with the corresponding number.

Note it has nothing to do with an alternate port number; those connects happen over port 22.

wurtel
  • 16,115
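
Added example (not part of the question or the answer, and not Cisco's code): a small Python model of the two halves of this exchange. The client only splits `user@host` and sends `root:1` unchanged; the server-side parse follows the answer's `:[0-9]+` description, here assumed to be a trailing suffix. The function names, the sample events and the `LINE_PORTS` set (port 2001 from the question's output) are illustrative assumptions. The last function shows why a review of terminal-line access has to look at usernames on port 22 as well as at the dedicated port.

```python
import re

# Assumption: the line selector is a trailing ":<digits>" on the username,
# modelled on the answer's ":[0-9]+" description (not Cisco's real parser).
LINE_SUFFIX = re.compile(r"(?P<user>.*):(?P<line>[0-9]+)")

# Dedicated reverse-SSH port taken from the question's open-ports output.
LINE_PORTS = {2001}


def split_client_target(target):
    """Split 'user@host' at the last '@', as an SSH client does.
    The ':' inside the user part is not interpreted by the client."""
    user, sep, host = target.rpartition("@")
    return (user, host) if sep else (None, target)


def parse_username(username):
    """Return (login, line_number) or (username, None) if no line suffix."""
    m = LINE_SUFFIX.fullmatch(username)
    if m is None:
        return username, None
    return m.group("user"), int(m.group("line"))


def flag_line_logins(events):
    """events: iterable of (username, tcp_port) pairs.
    Return the logins that reach a terminal line and how it was selected."""
    flagged = []
    for username, port in events:
        login, line = parse_username(username)
        if line is not None:
            flagged.append((login, port, f"line {line} via username suffix"))
        elif port in LINE_PORTS:
            flagged.append((login, port, f"line via dedicated port {port}"))
    return flagged


# Constructed sample events: (username as sent by the client, destination port)
SAMPLE_EVENTS = [("root", 22), ("root:1", 22), ("root", 2001), ("admin:x", 22)]

if __name__ == "__main__":
    print(split_client_target("root:1@10.10.10.2"))
    for row in flag_line_logins(SAMPLE_EVENTS):
        print(row)
```
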