Follow the next steps to enable SSH:
• Configure the hostname command.
• Configure the DNS domain.
• Generate RSA key to be used.
• Enable SSH transport support for the virtual type terminal (vty).
Example SSH version 2 configuration:
hostname ssh-router
aaa new-model
username cisco password cisco
ip domain-name routers.local
! Specifies which RSA keypair to use for SSH usage.
# This command cannot be entered on the Cisco 4506 and 4507.
ip ssh rsa keypair-name sshkeys
! Enables the SSH server for local and remote authentication on the router.
! For SSH Version 2, the modulus size must be at least 768 bits.
crypto key generate rsa usage-keys label sshkeys modulus 1024
! Configures SSH control variables on your router (the IOS keyword is time-out).
ip ssh time-out 120
! Configures SSH version 2 (disables SSH version 1).
ip ssh version 2
!--- disable Telnet and enable SSH
line vty 0 4
transport input ssh
Commands to verify SSH configuration:
• show ssh
• show ip ssh
• debug ip ssh
### Remove RSA key
(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: no
=====================================================================
ip domain-name pro.tcbank.cop
crypto key generate rsa usage-keys label sshkeys modulus 1024
ip ssh time-out 120
ip ssh version 2
line vty 0 4
no access-class VTY_ACL in
exit
no ip access-list extended VTY_ACL
ip access-list extended VTY_ACL
permit tcp host 192.168.91.44 any eq telnet
permit tcp host 192.168.1.45 any eq telnet
permit tcp host 172.17.1.18 any eq telnet
permit tcp host 172.16.11.21 any eq 22
permit tcp host 172.16.11.196 any eq 22
permit tcp host 172.17.1.27 any eq 22
permit tcp host 172.17.1.33 any eq 22
permit tcp host 172.17.1.56 any eq 22
permit tcp host 192.168.1.25 any eq 22
permit tcp host 192.168.1.25 any eq telnet
permit tcp host 192.168.1.28 any eq 22
permit tcp host 192.168.90.27 any eq 22
permit tcp host 192.168.90.27 any eq telnet
permit tcp host 192.168.90.7 any eq 22
permit tcp 10.91.0.0 0.0.255.255 any eq 22
permit tcp 10.90.0.0 0.0.255.255 any eq 22
line vty 0 4
access-class VTY_ACL in
transport input ssh telnet
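An added audit script, not part of these notes, that parses an IOS running-config and flags the settings these notes touch: whether SSH version 2 is forced, whether each vty line's transport is restricted to SSH, whether an inbound access-class is applied, and whether that ACL still permits Telnet. It assumes running-config layout (sub-commands indented one space); the sample config is constructed from the settings above with VTY_ACL shortened to three entries.

```python
# Constructed sample in running-config layout (sub-commands indented), taken from
# the VTY/SSH settings above; VTY_ACL is shortened to three entries.
SAMPLE_CONFIG = """\
hostname ssh-router
ip domain-name routers.local
ip ssh time-out 120
ip ssh version 2
ip access-list extended VTY_ACL
 permit tcp host 192.168.91.44 any eq telnet
 permit tcp host 172.16.11.21 any eq 22
 permit tcp 10.91.0.0 0.0.255.255 any eq 22
line vty 0 4
 access-class VTY_ACL in
 transport input ssh telnet
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level command."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank lines and IOS comments
        if raw.startswith(" "):
            sections.setdefault(current, []).append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def audit_vty_ssh(config):
    """Return findings for the SSH/VTY settings; an empty list means clean."""
    sections = parse_sections(config)
    findings = []
    if "ip ssh version 2" not in sections:
        findings.append("ip ssh version 2 not set, SSHv1 can still be negotiated")
    acls = {s.split()[-1] for s in sections if s.startswith("ip access-list extended ")}
    for name, subs in sections.items():
        if not str(name).startswith("line vty"):
            continue
        transport = [s.split()[2:] for s in subs if s.startswith("transport input")]
        if not transport or "telnet" in transport[0] or "all" in transport[0]:
            findings.append(f"{name}: transport input is not restricted to ssh")
        acl = [s.split()[1] for s in subs if s.startswith("access-class") and s.endswith(" in")]
        if not acl:
            findings.append(f"{name}: no inbound access-class, any source may connect")
        elif acl[0] not in acls:
            findings.append(f"{name}: access-class {acl[0]} refers to an undefined ACL")
        else:
            for entry in sections[f"ip access-list extended {acl[0]}"]:
                if entry.startswith("permit") and entry.endswith(" eq telnet"):
                    findings.append(f"ACL {acl[0]}: '{entry}' still permits Telnet")
    return findings
```

Run against the sample it reports two findings: the vty transport still admits Telnet, and the ACL's first entry permits Telnet; the same config with `transport input ssh` and the Telnet entry changed to port 22 audits clean.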