Configuring SSH (Secure Shell) for remote access to a Cisco router
Before the introduction of SSH in Cisco IOS, Telnet was the only remote login protocol available. Although quite functional, Telnet is a non-secure protocol: the entire session, including authentication, is sent unencrypted and is therefore subject to snooping.
SSH is both a protocol and an application that replaces Telnet and provides an encrypted connection for remote management of a network device such as a Cisco router, switch, or security appliance.
Cisco IOS provides both an SSH server and an SSH client. This document is concerned only with the configuration of the SSH server component.
Prerequisites
Software
The SSH server component requires an IPSec (DES or 3DES) encryption software image from Cisco IOS release 12.1(1)T or later installed on your router. The Advanced IP Services image includes the IPSec component. This document was prepared using c2800nm-advipservicesk9-mz.123-14.T5.bin.
Preconfiguration
Your router needs a host name and a domain name. For example:
Router#
Router# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# hostname router01
router01(config)# ip domain-name domain.local
You also need to generate an RSA key pair for the router; doing so automatically enables SSH. In the following example, note how the key pair is named with a combination of the host name and domain name configured earlier. The router prompts for the size of the key modulus (the key length). Cisco recommends a minimum key length of 1024 bits (although the default is 512 bits):
router01(config)#
router01(config)# crypto key generate rsa
The name for the keys will be: router01.domain.local
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]
Finally, you must configure authentication for remote users, either against an AAA server such as RADIUS or TACACS+ or against the router's local user database, and enable authentication on the terminal lines. For the purposes of this document, we create a local user database on the router. In the following example, the user "donc" is created with privilege level 15 (the maximum) and given the encrypted password "p@ss5678". (The keyword "secret" followed by "0" tells the router that the password that follows is plain text and should be encrypted; in the running configuration the password is not readable.) We then use line configuration mode to tell the router to use its local user database for authentication ("login local") on terminal lines 0 through 4.
router01(config)# username donc privilege 15 secret 0 p@ss5678
router01(config)# line vty 0 4
router01(config-line)# login local
Enabling SSH
To enable SSH, you must tell the router which key pair to use. Optionally, you can also set the SSH version (the default is SSH version 1), the authentication timeout values, and some other parameters. The following example tells the router to use the key pair created earlier and to use SSH version 2:
router01(config)#
router01(config)# ip ssh version 2
router01(config)# ip ssh rsa keypair-name router01.domain.local
You can now access your router with an SSH client such as TeraTerm.
Viewing SSH configuration and connections
You can use the privileged-mode commands "show ssh" and "show ip ssh" to view SSH connections and configuration (if any). In the following example, the SSHv1 configuration of a Cisco 871 is verified with "show ip ssh", and a single SSHv1 session is displayed with "show ssh". Note that we did not enable SSHv2 on this router, so it runs the default SSH version 1.99. Note also, in the output of the "show ssh" command, that the version 1 default encryption is 3DES. SSHv2 supports the more robust and efficient AES encryption, and SSHv2 is not subject to the same vulnerabilities as SSHv1. Best practice is to use SSHv2 and turn off fallback to SSHv1; enabling SSHv2 disables SSHv1. This example is shown to demonstrate compatibility only:
router04#
router04# show ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
router04#
router04# show ssh
Connection Version Encryption  State                    Username
2          1.5     3DES        Session started          donc
%No SSHv2 server connections running.
router04#
You can also use the command "debug ip ssh" to troubleshoot SSH configurations.
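The configuration steps above (host name, domain name, RSA key pair, local user, "login local" on the vty lines, "ip ssh version 2") and the "show ip ssh" / "show ssh" output can be checked mechanically once you have captured the CLI output. The following Python script is an added example, not part of the original article: it audits constructed sample text (not captured from a real device) in the formats shown on this page. It also checks for "transport input ssh" on the vty lines, a real IOS line command the article does not mention, which is the usual step for refusing Telnet entirely; the hashed "secret 5" value in the sample is a placeholder.

```python
"""Audit Cisco IOS SSH settings from captured CLI output (added example)."""
import re

# --- Constructed samples (not captured from a real device) ------------------
# Running-config lines that result from the steps on this page, plus
# "transport input ssh" so the vty lines no longer accept Telnet.
CONFIG_OK = """\
hostname router01
ip domain-name domain.local
username donc privilege 15 secret 5 $PLACEHOLDER_HASH$
ip ssh version 2
ip ssh rsa keypair-name router01.domain.local
line vty 0 4
 login local
 transport input ssh
"""

# A router that generated keys but never issued "ip ssh version 2",
# stored the user with a reversible "password", and still allows Telnet.
CONFIG_WEAK = """\
hostname router04
ip domain-name domain.local
username donc privilege 15 password 0 p@ss5678
line vty 0 4
 login local
 transport input telnet ssh
"""

SHOW_IP_SSH_WEAK = """\
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
"""

SHOW_SSH_WEAK = """\
Connection Version Encryption  State                    Username
2          1.5     3DES        Session started          donc
%No SSHv2 server connections running.
"""


def audit_running_config(config):
    """Return findings for the SSH-relevant parts of a running-config."""
    findings = []
    lines = [l.rstrip() for l in config.splitlines()]
    if not any(l.startswith("ip domain-name ") for l in lines):
        findings.append("no 'ip domain-name': RSA keys cannot be named, SSH cannot start")
    if "ip ssh version 2" not in lines:
        findings.append("'ip ssh version 2' missing: SSHv1 fallback (version 1.99) stays on")
    for l in lines:
        if l.startswith("username ") and " secret " not in l:
            findings.append(f"'{l.split()[1]}' uses 'password' instead of 'secret' (weak storage)")
    # Walk each "line vty" block; its sub-commands are indented by one space.
    i = 0
    while i < len(lines):
        if lines[i].startswith("line vty"):
            block = []
            i += 1
            while i < len(lines) and lines[i].startswith(" "):
                block.append(lines[i].strip())
                i += 1
            if "login local" not in block and not any(b.startswith("login authentication") for b in block):
                findings.append("vty lines do not use local or AAA login")
            transports = [b for b in block if b.startswith("transport input")]
            if not transports or transports[-1] != "transport input ssh":
                findings.append("vty 'transport input' is not restricted to ssh")
        else:
            i += 1
    return findings


def audit_show_ip_ssh(output):
    """Findings from 'show ip ssh'; the version line is the one that matters."""
    if "SSH Enabled" not in output:
        return ["SSH server is not enabled"]
    m = re.search(r"version\s*([\d.]+)", output)
    if m and m.group(1) != "2.0":
        return [f"server negotiates version {m.group(1)}: SSHv1 clients are still accepted"]
    return []


def parse_show_ssh(output):
    """Parse the SSHv1-style session table of 'show ssh' into dicts.
    Assumes the column layout shown on this page (Connection / Version /
    Encryption / State / Username); the SSHv2 table has extra columns."""
    sessions = []
    for line in output.splitlines():
        m = re.match(r"^\s*(\d+)\s+(\d\.\d+)\s+(\S+)\s+(.*?)\s+(\S+)\s*$", line)
        if m:
            sessions.append({"conn": int(m.group(1)), "version": m.group(2),
                             "cipher": m.group(3), "state": m.group(4),
                             "user": m.group(5)})
    return sessions


def audit_show_ssh(output):
    """Flag sessions that are SSHv1 or that use DES/3DES rather than AES."""
    findings = []
    for s in parse_show_ssh(output):
        if s["version"].startswith("1."):
            findings.append(f"conn {s['conn']} ({s['user']}) is an SSHv1 session")
        if s["cipher"].upper() in ("DES", "3DES"):
            findings.append(f"conn {s['conn']} ({s['user']}) uses {s['cipher']}, not AES")
    return findings


if __name__ == "__main__":
    for name, found in (("running-config", audit_running_config(CONFIG_WEAK)),
                        ("show ip ssh", audit_show_ip_ssh(SHOW_IP_SSH_WEAK)),
                        ("show ssh", audit_show_ssh(SHOW_SSH_WEAK))):
        for f in found:
            print(f"[{name}] {f}")
```

Run against CONFIG_OK the audit returns no findings; against the weak samples it reports the missing "ip ssh version 2", the reversible password, the Telnet-capable vty line, the 1.99 server version, and the 3DES SSHv1 session, which are exactly the conditions the article's "show" output illustrates.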
Copyright (c) 2008 Don R. Crawley