Cisco IP Phone 7800 Series devices support remote command-line access through SSH, but this access is disabled by default in Cisco Unified Communications Manager (CUCM). When an engineer is unable to reach the phone’s command line while the device is otherwise reachable via ICMP/HTTP and registered to CUCM, the most common cause is that SSH is not enabled or the required credentials have not been configured.

Within the Phone Configuration → Product Specific Configuration Layout, CUCM provides administrative controls for remote access capabilities. The “SSH Access” parameter in this menu explicitly controls whether the phone will accept SSH connections; this must be enabled for any CLI access to function. In addition, CUCM requires the configuration of SSH username and password under the Secure Shell Information section. These credentials are then provisioned to the phone through its configuration file. If SSH is enabled but no credentials are defined, the phone will reject the connection even if TCP/22 is open.

Other listed options (such as disabling Web Access, enabling Settings Access, or turning on FIPS mode) do not impact SSH functionality. Web Access controls HTTP/HTTPS availability, Settings Access controls local phone menu access, and FIPS mode enforces cryptographic compliance but does not enable SSH by itself.

Therefore, the two actions that resolve the issue are:

Enabling SSH Access in the Product Specific Configuration Layout

Configuring SSH username and password under Secure Shell Information

These steps ensure the phone downloads updated configuration files, activates SSH, and allows authenticated remote CLI access—fully aligned with Cisco’s standard operational behavior for 7800 Series endpoints.