Fixing SSH access on Cisco via SNMP

Sometimes you may encounter a situation where your SSH is not properly configured, for example if you forgot to generate the RSA key pair that SSH needs before enabling transport input ssh on all vty lines, as I recently did. In this situation you might be lucky enough to have an SNMP RW community string configured, and with that you can fix literally everything.

There are not many Cisco settings that can be configured directly via SNMP. But you can copy a prepared config to the device via TFTP, RCP, etc.: download the device's current config to a TFTP server, edit the necessary lines and upload it back. You may upload it to the running config, the startup config or a file in flash.

To download running config:

# protocol 1 = tftp; source file type 4 = runningConfig; destination file type 1 = networkFile
# (the .13 suffix is an arbitrary ccCopyTable row index; the symbolic names need
# CISCO-CONFIG-COPY-MIB loadable by net-snmp, otherwise use the numeric OIDs)
snmpset -v 1 -c rw_community hostname ccCopyProtocol.13 i 1
snmpset -v 1 -c rw_community hostname ccCopySourceFileType.13 i 4
snmpset -v 1 -c rw_community hostname ccCopyDestFileType.13 i 1
snmpset -v 1 -c rw_community hostname ccCopyServerAddress.13 a tftp_serv_ip
snmpset -v 1 -c rw_community hostname ccCopyFileName.13 s "file_name"
# row status 1 = active; Cisco's own ccCopy examples use 4 (createAndGo) for a new row
snmpset -v 1 -c rw_community hostname ccCopyEntryRowStatus.13 i 1

Edit the file on the server and upload it back with the following commands. Be careful! If you upload to the startup-config, IOS will not merge the uploaded config with the existing one, it replaces it. Do not upload partial sets of commands! To be on the safe side I recommend never uploading partial configs: only the necessary lines should be added, cancelled or corrected, and the whole config should be uploaded.

# source file type 1 = networkFile; destination file type 4 = runningConfig
# (3 = startupConfig, 2 = iosFile for a file in flash)
snmpset -v 1 -c rw_community hostname ccCopyProtocol.13 i 1
snmpset -v 1 -c rw_community hostname ccCopySourceFileType.13 i 1
snmpset -v 1 -c rw_community hostname ccCopyDestFileType.13 i 4
snmpset -v 1 -c rw_community hostname ccCopyServerAddress.13 a tftp_serv_ip
snmpset -v 1 -c rw_community hostname ccCopyFileName.13 s "file_name"
snmpset -v 1 -c rw_community hostname ccCopyEntryRowStatus.13 i 1
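The two snmpset sequences above fire the copy and then leave you guessing whether it worked. The script below, an added example that is not part of the original post, wraps the same ccCopyTable writes with net-snmp, uses the numeric OIDs of CISCO-CONFIG-COPY-MIB so no MIB files are needed, polls ccCopyState until the job is successful or failed (reading ccCopyFailCause in the latter case), and always destroys the row afterwards so the index can be reused. It uses createAndGo (4) for the row status, as Cisco's own examples do, and picks a random row index by default. The host name, community string, server address and file name in the usage call are placeholders; the optional run parameter exists so the command runner can be swapped for testing.

```python
"""Drive a CISCO-CONFIG-COPY-MIB copy job with net-snmp and wait for its result.

Added example, not from the original post. OIDs are the ccCopyEntry columns of
CISCO-CONFIG-COPY-MIB (1.3.6.1.4.1.9.9.96.1.1.1.1.<column>.<row>).
"""
import random
import subprocess
import time

CC_COPY_ENTRY = "1.3.6.1.4.1.9.9.96.1.1.1.1"
COLUMN = {
    "ccCopyProtocol": 2,
    "ccCopySourceFileType": 3,
    "ccCopyDestFileType": 4,
    "ccCopyServerAddress": 5,
    "ccCopyFileName": 6,
    "ccCopyState": 10,
    "ccCopyFailCause": 13,
    "ccCopyEntryRowStatus": 14,
}
PROTOCOL = {"tftp": 1, "ftp": 2, "rcp": 3, "scp": 4, "sftp": 5}
FILE_TYPE = {"networkFile": 1, "iosFile": 2, "startupConfig": 3, "runningConfig": 4}
COPY_STATE = {"1": "waiting", "2": "running", "3": "successful", "4": "failed"}
ROW_CREATE_AND_GO, ROW_DESTROY = "4", "6"   # RowStatus values from RFC 2579


def netsnmp(argv):
    """Default runner: execute one net-snmp command and return its stdout."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout


def copy_config(host, community, source, dest, server, filename,
                protocol="tftp", version="2c", row=None, run=netsnmp,
                timeout=60, poll_interval=1.0):
    """Copy between runningConfig/startupConfig and a file on a TFTP/FTP/... server.

    Returns the final ccCopyState name ('successful'); raises on failure or timeout.
    """
    row = row if row is not None else random.randint(1, 2**31 - 1)

    def oid(column):
        return f"{CC_COPY_ENTRY}.{COLUMN[column]}.{row}"

    setcmd = ["snmpset", "-v", version, "-c", community, host]
    getcmd = ["snmpget", "-v", version, "-c", community, "-Oqv", host]  # value only

    try:
        # Same column order as the post; the final RowStatus write starts the job.
        run(setcmd + [oid("ccCopyProtocol"), "i", str(PROTOCOL[protocol])])
        run(setcmd + [oid("ccCopySourceFileType"), "i", str(FILE_TYPE[source])])
        run(setcmd + [oid("ccCopyDestFileType"), "i", str(FILE_TYPE[dest])])
        run(setcmd + [oid("ccCopyServerAddress"), "a", server])
        run(setcmd + [oid("ccCopyFileName"), "s", filename])
        run(setcmd + [oid("ccCopyEntryRowStatus"), "i", ROW_CREATE_AND_GO])

        deadline = time.monotonic() + timeout
        while True:
            raw = run(getcmd + [oid("ccCopyState")]).strip()
            state = COPY_STATE.get(raw, raw)   # number without MIBs, name with MIBs loaded
            if state == "successful":
                return state
            if state == "failed":
                cause = run(getcmd + [oid("ccCopyFailCause")]).strip()
                raise RuntimeError(f"copy failed: ccCopyFailCause={cause}")
            if time.monotonic() > deadline:
                raise TimeoutError(f"copy still '{state}' after {timeout}s")
            time.sleep(poll_interval)
    finally:
        # Always free the row so the same index can be used for the next copy.
        run(setcmd + [oid("ccCopyEntryRowStatus"), "i", ROW_DESTROY])


if __name__ == "__main__":
    # Step 1 of the post: running-config -> TFTP server (all values are placeholders).
    print(copy_config("switch.example", "rw_community",
                      "runningConfig", "networkFile", "192.0.2.10", "switch.cfg"))
```

For the upload step call it with source "networkFile" and dest "runningConfig" (or "startupConfig", remembering the post's warning that a startup-config upload replaces rather than merges). The community string travels in cleartext with SNMP v1/v2c, so run this from a management network and rotate the RW community once the device is recovered.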

If you ran into the SSH-without-a-key situation, your config might look like this:

line vty 0 4
 length 0
 transport input ssh
line vty 5 15
 transport input ssh
exit

You should fix it to:

line vty 0 4
 length 0
 transport input telnet
line vty 5 15
 transport input telnet
exit
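Doing that edit by hand in a full running-config is easy to get wrong, and the post's warning about partial uploads applies. The script below, an added example that is not part of the original post, rewrites transport input under every line vty stanza of a downloaded config and refuses to produce output unless the input looks like a complete config (version line, hostname, closing end), which is a heuristic I chose, not an IOS rule. The embedded sample config is constructed for the example; the con 0 line in it shows that non-vty stanzas are left alone.

```python
"""Rewrite 'transport input' under 'line vty' stanzas of a downloaded IOS config.

Added example, not from the original post. The completeness check is a heuristic
against uploading a partial config (a startup-config upload replaces, not merges).
"""

# Constructed sample: a minimal full config with the post's broken vty lines.
SAMPLE_CONFIG = """\
!
version 15.2
!
hostname recovery-test
!
line con 0
 transport input none
line vty 0 4
 length 0
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""


def set_vty_transport(config: str, transport: str) -> str:
    """Return config with 'transport input ...' replaced inside every 'line vty' block."""
    out, in_vty = [], False
    for line in config.splitlines():
        if line.strip() and not line.startswith(" "):
            in_vty = line.startswith("line vty")      # a new top-level stanza begins
        if in_vty and line.strip().startswith("transport input"):
            line = " transport input " + transport    # IOS indents stanza lines by one space
        out.append(line)
    return "\n".join(out) + "\n"


def looks_complete(config: str) -> bool:
    """Heuristic: a whole IOS config starts with 'version', names a host and ends with 'end'."""
    lines = [l.strip() for l in config.splitlines()
             if l.strip() and not l.strip().startswith("!")]
    return (bool(lines)
            and lines[0].startswith("version ")
            and any(l.startswith("hostname ") for l in lines)
            and lines[-1] == "end")


def prepare_upload(config: str, transport: str = "telnet") -> str:
    """Produce the config to upload, or raise if the input is only a fragment."""
    if not looks_complete(config):
        raise ValueError("refusing to prepare a partial config for upload")
    return set_vty_transport(config, transport)


if __name__ == "__main__":
    print(prepare_upload(SAMPLE_CONFIG), end="")
```

Telnet is a cleartext recovery path only: once you are back on the box, generate the RSA key pair with crypto key generate rsa and run the same function with transport="ssh" on the next config you upload, so the vty lines end up where the original intent was.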

Some commands can be cancelled by prefixing them with "no "; others, as in the case above, cannot.