Difference between revisions of "Cisco configure SSH"
(Created page with "= Prerequisites = The Cisco IOS image used must be a k9(crypto) image in order to support SSH. = Configure using aaa new-model = !--- The aaa new-model command causes the l...") |
|||
Line 9: | Line 9: | ||
username cisco password 0 cisco | username cisco password 0 cisco | ||
!--- Instead of aaa new-model, you can use the login local command. | !--- Instead of aaa new-model, you can use the login local command. | ||
! assign domain name to the router/switch, this will be used to sign off SSH key | !--- assign domain name to the router/switch, this will be used to sign off SSH key | ||
ip domain-name rtp.cisco.com | |||
ip ssh version 2 | ip ssh version 2 | ||
!--- Generate an SSH key to be used with SSH here 1024bit long | !--- Generate an SSH key to be used with SSH here 1024bit long | ||
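Review bot: the context line `username cisco password 0 cisco` at the top of this hunk stores the password in cleartext (type 0) with a value equal to the username; use `username <name> secret <password>` with a non-trivial value so the stored form is hashed. On the changed lines, the comment says the domain name is used to "sign off" the SSH key, which is unclear; say that it is combined with the hostname to name the RSA key pair, and mark `rtp.cisco.com` as a placeholder. The last comment calls for a 1024-bit key; a 2048-bit modulus is the better default for a how-to.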
Line 20: | Line 20: | ||
!--- Prevent non-SSH Telnets. | !--- Prevent non-SSH Telnets. | ||
transport input ssh | transport input ssh | ||
= References = | = References = | ||
*[http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml Configuring Secure Shell on Routers and Switches Running Cisco IOS] | *[http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml Configuring Secure Shell on Routers and Switches Running Cisco IOS] |
Revision as of 22:03, 21 October 2013
Prerequisites
The Cisco IOS image used must be a k9 (crypto) image in order to support SSH.
Configure using aaa new-model
!--- The aaa new-model command causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Instead of aaa new-model, you can use the login local command.
!--- Assign a domain name to the router/switch; it is used, together with the hostname, to name the SSH key.
ip domain-name rtp.cisco.com
ip ssh version 2
!--- Generate the RSA key used by SSH, here 1024 bits long.
crypto key generate rsa modulus 1024
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
!--- Prevent non-SSH Telnets.
 transport input ssh
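A saved configuration can be checked against the settings above. The following Python script is an added example, not part of the original wiki page; the function names, the finding texts and the sample configuration (including its `line vty 5 15` block) are constructed for illustration.

```python
import re

# Constructed sample of a saved configuration; the "line vty 5 15" block is an
# assumption added to show a range that the page's "line vty 0 4" does not cover.
SAMPLE_CONFIG = """\
aaa new-model
username cisco password 0 cisco
ip domain-name rtp.cisco.com
ip ssh version 2
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_blocks(lines):
    """Map each 'line vty N M' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in lines:
        if line.startswith("line vty "):
            current = line.strip()
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None
    return blocks

def audit_ssh_config(text):
    """Return a list of findings for an IOS-style configuration text."""
    lines = text.splitlines()
    findings = []
    if not any(l.strip() == "ip ssh version 2" for l in lines):
        findings.append("SSH version 2 is not enforced")
    if not any(re.match(r"ip domain[- ]name \S+", l) for l in lines):
        findings.append("no domain name set for RSA key generation")
    for l in lines:
        m = re.match(r"username (\S+) password 0 ", l)
        if m:
            findings.append(f"user {m.group(1)}: cleartext (type 0) password")
    for header, body in vty_blocks(lines).items():
        transports = [b.split()[2:] for b in body if b.startswith("transport input")]
        if transports != [["ssh"]]:
            findings.append(f"{header}: not restricted to SSH")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG):
        print(finding)
```

The RSA key size is not visible in a saved configuration, so it has to be checked on the device itself.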