Wednesday, March 9, 2016

Cisco Router/Switch Enable SSH



Follow these steps to enable SSH:
• Configure the hostname.
• Configure the DNS domain name (ip domain-name); the key cannot be generated without it.
• Create a local user account for login (or configure AAA).
• Generate the RSA key pair the SSH server will use.
• Allow only SSH as the input transport on the virtual terminal (vty) lines.

Example SSH version 2 configuration:

hostname ssh-router
aaa new-model
! Use 'secret' rather than 'password': the credential is then stored as a hash
! instead of a reversible type 7 string. cisco/cisco is a placeholder, not a real credential.
username cisco secret cisco
ip domain-name routers.local

! Specifies which RSA keypair to use for SSH usage.
! This command cannot be entered on the Cisco 4506 and 4507.
ip ssh rsa keypair-name sshkeys

! Generating the key pair also enables the SSH server for local and remote
! authentication on the router. hostname and ip domain-name must be set first.
! 'usage-keys' creates separate signature and encryption pairs; a general-purpose
! pair (omit 'usage-keys') works for SSH as well.
! IOS accepts a minimum of 768 bits for SSH Version 2, but 1024-bit RSA is no
! longer considered adequate; use 2048 bits or more on current images.
crypto key generate rsa usage-keys label sshkeys modulus 1024


! SSH negotiation timeout in seconds (120 is the maximum IOS allows).
! The IOS keyword is 'time-out', not 'timeout'.
ip ssh time-out 120

! Configure SSH version 2 only (disables SSH version 1, which is insecure)
ip ssh version 2


!--- disable Telnet and allow only SSH on the vty lines
line vty 0 4
transport input ssh


Commands to verify the SSH configuration:
• show ip ssh (SSH server status, version, time-out and authentication retries)
• show ssh (active SSH sessions)
• debug ip ssh (connection negotiation details; switch off with 'undebug all' when done)
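The show commands above verify a live device. As an added example (not from the original post), the Python script below performs the same review offline against a saved command script: it flags the points a reviewer would raise on the configuration above (RSA modulus below 2048 bits, `username ... password` instead of `secret`, Telnet left in `transport input`, no inbound `access-class`) and shows the weak configuration beside a hardened one that passes. Both sample configurations, the 2048-bit threshold and the helper names (`audit_ssh_config`, `vty_blocks`) are my own assumptions; the threshold is a policy choice, not an IOS limit.

```python
import re

# Constructed sample: the page's first SSH configuration as typed at the CLI.
# 'crypto key generate' never appears in a running-config, but this audit reads
# the command script as written, so the modulus can be checked as well.
WEAK_CONFIG = """\
hostname ssh-router
aaa new-model
username cisco password cisco
ip domain-name routers.local
ip ssh rsa keypair-name sshkeys
crypto key generate rsa usage-keys label sshkeys modulus 1024
ip ssh time-out 120
ip ssh version 2
line vty 0 4
transport input ssh
"""

# Constructed sample: the same device hardened (running-config style indentation).
HARDENED_CONFIG = """\
hostname ssh-router
aaa new-model
username cisco secret cisco
ip domain-name routers.local
crypto key generate rsa label sshkeys modulus 2048
ip ssh time-out 120
ip ssh version 2
ip access-list extended VTY_ACL
 permit tcp 10.90.0.0 0.0.255.255 any eq 22
line vty 0 4
 access-class VTY_ACL in
 transport input ssh
"""

MIN_MODULUS = 2048  # assumption: current practice, not an IOS limit (IOS allows 768 for SSHv2)

# Sub-commands of 'line vty' recognised by name, so an unindented command script
# is parsed the same way as an indented running-config.
VTY_SUBCMDS = ("transport ", "access-class ", "login", "exec-timeout ", "password ")


def vty_blocks(lines):
    """Yield (header, sub_commands) for every 'line vty ...' section."""
    header, subs = None, []
    for line in lines:
        stripped = line.strip()
        if stripped.startswith("line vty"):
            if header:
                yield header, subs
            header, subs = stripped, []
        elif header and (line.startswith(" ") or stripped.startswith(VTY_SUBCMDS)):
            subs.append(stripped)
        elif header:
            yield header, subs
            header, subs = None, []
    if header:
        yield header, subs


def audit_ssh_config(config_text):
    """Return (severity, message) findings for the SSH/vty hardening points on the page."""
    lines = [ln.rstrip() for ln in config_text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("!")]
    text = "\n".join(lines)
    findings = []

    if not re.search(r"^ip domain-name \S+", text, re.M):
        findings.append(("high", "no 'ip domain-name': RSA key generation for SSH will fail"))
    if not re.search(r"^ip ssh version 2$", text, re.M):
        findings.append(("high", "'ip ssh version 2' missing: SSH version 1 stays negotiable"))

    m = re.search(r"^crypto key generate rsa .*modulus (\d+)", text, re.M)
    if m and int(m.group(1)) < MIN_MODULUS:
        findings.append(("medium", f"RSA modulus {m.group(1)} is below {MIN_MODULUS} bits"))

    for m in re.finditer(r"^username (\S+) password ", text, re.M):
        findings.append(("medium", f"username {m.group(1)} uses 'password'; use 'secret' to store a hash"))

    for header, subs in vty_blocks(lines):
        transports = [s for s in subs if s.startswith("transport input")]
        if not transports:
            findings.append(("high", f"{header}: no 'transport input', protocols not restricted"))
        for t in transports:
            if set(t.split()[2:]) & {"telnet", "all"}:
                findings.append(("high", f"{header}: '{t}' permits cleartext Telnet"))
        if not any(s.startswith("access-class ") and s.endswith(" in") for s in subs):
            findings.append(("medium", f"{header}: no inbound access-class, any source may attempt login"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_ssh_config(cfg)
        print(f"== {name}: {len(result)} finding(s)")
        for sev, msg in result:
            print(f"  [{sev}] {msg}")
```

Feed it the output of `show running-config` (or the command script you are about to paste) and fix every finding before the change window; the three findings on the weak sample are exactly the three things the hardened sample changes.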



Remove RSA key:
(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: no
Answering yes deletes every RSA key pair on the device; SSH stops working until a new pair is generated with crypto key generate rsa, so do this from a console or an out-of-band session.

=====================================================================
Production example: generate the key, then restrict vty access to the listed
management hosts with a named ACL (VTY_ACL):

ip domain-name pro.tcbank.cop

crypto key generate rsa usage-keys label sshkeys modulus 1024

ip ssh time-out 120

ip ssh version 2


! Detach the ACL from the vty lines before deleting it. While it is detached
! (until 'access-class VTY_ACL in' is re-applied below) the vty lines accept
! connections from any source, so do this from an existing session and finish
! in one go, or build the new list under a different name and swap it in.
line vty 0 4
no access-class VTY_ACL in

exit

! Delete the old list and re-create it. For an access-class on a vty line the
! source is the connecting host and the destination port is the service
! (telnet = 23, 22 = SSH); anything not listed hits the implicit deny at the end.
no ip access-list extended VTY_ACL

ip access-list extended VTY_ACL
 permit tcp host 192.168.91.44 any eq telnet
 permit tcp host 192.168.1.45 any eq telnet
 permit tcp host 172.17.1.18 any eq telnet
 permit tcp host 172.16.11.21 any eq 22
 permit tcp host 172.16.11.196 any eq 22
 permit tcp host 172.17.1.27 any eq 22
 permit tcp host 172.17.1.33 any eq 22
 permit tcp host 172.17.1.56 any eq 22
 permit tcp host 192.168.1.25 any eq 22
 permit tcp host 192.168.1.25 any eq telnet
 permit tcp host 192.168.1.28 any eq 22
 permit tcp host 192.168.90.27 any eq 22
 permit tcp host 192.168.90.27 any eq telnet
 permit tcp host 192.168.90.7 any eq 22
 permit tcp 10.91.0.0 0.0.255.255 any eq 22
 permit tcp 10.90.0.0 0.0.255.255 any eq 22

line vty 0 4
access-class VTY_ACL in
! Telnet is re-enabled here for the hosts the ACL permits. It is cleartext
! (credentials and the whole session are visible on the wire); remove 'telnet'
! once those hosts can use SSH.
transport input ssh telnet
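As an added example (not part of the original post), the Python below models how IOS evaluates VTY_ACL against an incoming vty connection: first match wins, a 0 bit in the wildcard mask must match while a 1 bit is ignored, and anything unmatched falls through to the implicit deny. It reads a constructed subset of the page's list (same addresses), answers "can host X reach port Y?" and lists the sources the ACL still lets through to cleartext Telnet. The helper names (`parse_acl`, `evaluate`, `is_permitted`, `telnet_sources`) are hypothetical and mine.

```python
import ipaddress

# Constructed sample: a subset of the page's VTY_ACL (addresses are the page's).
VTY_ACL_TEXT = """\
ip access-list extended VTY_ACL
 permit tcp host 192.168.91.44 any eq telnet
 permit tcp host 172.16.11.21 any eq 22
 permit tcp host 192.168.1.25 any eq 22
 permit tcp host 192.168.1.25 any eq telnet
 permit tcp 10.91.0.0 0.0.255.255 any eq 22
 permit tcp 10.90.0.0 0.0.255.255 any eq 22
"""

PORT_NAMES = {"telnet": 23, "ssh": 22}


def parse_acl(text):
    """Parse extended ACL entries into (action, src_net, src_wildcard, dst_port).

    Handles the forms used on the page: 'permit|deny tcp <src> any [eq <port>]'
    where <src> is 'host A.B.C.D', 'A.B.C.D W.W.W.W' (wildcard mask) or 'any'.
    Addresses and masks are kept as 32-bit integers.
    """
    entries = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[0] not in ("permit", "deny"):
            continue                        # skip the 'ip access-list' header and blanks
        action, rest = parts[0], parts[2:]  # parts[1] is the protocol (tcp)
        if rest[0] == "host":
            src, wild, rest = rest[1], "0.0.0.0", rest[2:]
        elif rest[0] == "any":
            src, wild, rest = "0.0.0.0", "255.255.255.255", rest[1:]
        else:
            src, wild, rest = rest[0], rest[1], rest[2:]
        port = None                         # no 'eq' means any destination port
        if "eq" in rest:
            name = rest[rest.index("eq") + 1]
            port = PORT_NAMES.get(name) or int(name)
        entries.append((action, int(ipaddress.IPv4Address(src)),
                        int(ipaddress.IPv4Address(wild)), port))
    return entries


def wildcard_match(net, wildcard, addr):
    """Cisco wildcard semantics: a 0 bit in the mask must match, a 1 bit is don't-care."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (net & care)


def evaluate(entries, src_ip, dst_port):
    """First-match evaluation; None means the implicit 'deny any' at the end of the list."""
    src = int(ipaddress.IPv4Address(src_ip))
    for entry in entries:
        action, net, wild, port = entry
        if wildcard_match(net, wild, src) and (port is None or port == dst_port):
            return entry
    return None


def is_permitted(entries, src_ip, dst_port):
    entry = evaluate(entries, src_ip, dst_port)
    return entry is not None and entry[0] == "permit"


def telnet_sources(entries):
    """Sources the list still lets through to the cleartext Telnet service."""
    out = []
    for action, net, wild, port in entries:
        if action == "permit" and port == 23:
            src = str(ipaddress.IPv4Address(net))
            out.append(src if wild == 0 else f"{src} {ipaddress.IPv4Address(wild)}")
    return out


if __name__ == "__main__":
    acl = parse_acl(VTY_ACL_TEXT)
    for src, port in (("192.168.91.44", 23), ("192.168.91.44", 22),
                      ("10.91.200.7", 22), ("10.91.200.7", 23), ("10.92.0.1", 22)):
        verdict = "permit" if is_permitted(acl, src, port) else "deny (implicit)"
        print(f"{src:>15} -> tcp/{port}: {verdict}")
    print("Telnet still reachable from:", telnet_sources(acl))
```

Paste the remaining entries of the page's list into VTY_ACL_TEXT to check the full ACL; the telnet_sources output is the list of hosts to migrate before dropping telnet from transport input. Note that 192.168.91.44 is permitted on port 23 but denied on port 22, which is what the page's entries say and probably the opposite of what is intended.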

