Difference between revisions of "Cisco configure SSH"
Jump to navigation
Jump to search
Line 22: | Line 22: | ||
!--- Prevent non-SSH Telnets. | !--- Prevent non-SSH Telnets. | ||
transport input ssh | transport input ssh | ||
= SSH with public and private RSA key pair authentication = | |||
Paste your public key | |||
R2#conf t | |||
Enter configuration commands, one per line. End with CNTL/Z. | |||
R2(config)#ip ssh pubkey-chain | |||
R2(conf-ssh-pubkey)#username tech | |||
R2(conf-ssh-pubkey-user)#key-string | |||
R2(conf-ssh-pubkey-data)#$AAQEA6jYlf9MBskhkWov+ZOUDKun0ExQIRj1zfWA/YciO02VS | |||
R2(conf-ssh-pubkey-data)#$XsxM7SqNkRSQOR7y7HBMoxTHV7o+R/uS6A8/mF0A3P/ScRjct | |||
R2(conf-ssh-pubkey-data)#$JrNGACGaFy1njD9PrrvrU4o4hx6XDr6xVXF4sP4OCSXIn+Cp8 | |||
R2(conf-ssh-pubkey-data)#$bCnZLmv908AeDb1Ac4nPdsn1OhCPIg6fxZjB7DvAMB8Dbr+7Y | |||
R2(conf-ssh-pubkey-data)#$apEbGE94luIqnBc61HsMd6JCWbQ== tech@admin.us | |||
R2(conf-ssh-pubkey-data)#exit | |||
R2(conf-ssh-pubkey-user)#^Z | |||
;Verify | |||
R2#show run | section ssh | |||
ip ssh rsa keypair-name SSH | |||
ip ssh version 2 | |||
ip ssh pubkey-chain | |||
username pipi | |||
key-hash ssh-rsa C20B739F2645D6850C591C6A11780CB5 tech@admin.us | |||
= References = | = References = | ||
*[http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml Configuring Secure Shell on Routers and Switches Running Cisco IOS] | *[http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml Configuring Secure Shell on Routers and Switches Running Cisco IOS] | ||
*[http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_shell_v2.html#wp1082562 Secure Shell Version 2 Support] Last Updated: March 31, 2011 | |||
*[https://glennmatthys.wordpress.com/2012/01/07/ssh-with-key-authentication-on-cisco-ios-devices/ SSH with key authentication on Cisco IOS devices ] |
Revision as of 22:35, 10 November 2013
Prerequisites
The Cisco IOS image used must be a k9(crypto) image in order to support SSH.
Configure using aaa new-model
!--- The aaa new-model command causes the local username and password on the router !--- to be used in the absence of other AAA statements. aaa new-model username cisco password 0 cisco !--- Instead of aaa new-model, you can use the login local command. !--- assign domain name to the router/switch, this will be used to sign off SSH key ip domain-name rtp.cisco.com ip ssh version 2 !--- Generate an SSH key to be used with SSH here 1024bit long crypto key generate rsa 1024 ip ssh time-out 60 ip ssh authentication-retries 2 line vty 0 4 !--- Prevent non-SSH Telnets. transport input ssh
SSH with public and private RSA key pair authentication
Paste your public key
R2#conf t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#ip ssh pubkey-chain R2(conf-ssh-pubkey)#username tech R2(conf-ssh-pubkey-user)#key-string R2(conf-ssh-pubkey-data)#$AAQEA6jYlf9MBskhkWov+ZOUDKun0ExQIRj1zfWA/YciO02VS R2(conf-ssh-pubkey-data)#$XsxM7SqNkRSQOR7y7HBMoxTHV7o+R/uS6A8/mF0A3P/ScRjct R2(conf-ssh-pubkey-data)#$JrNGACGaFy1njD9PrrvrU4o4hx6XDr6xVXF4sP4OCSXIn+Cp8 R2(conf-ssh-pubkey-data)#$bCnZLmv908AeDb1Ac4nPdsn1OhCPIg6fxZjB7DvAMB8Dbr+7Y R2(conf-ssh-pubkey-data)#$apEbGE94luIqnBc61HsMd6JCWbQ== tech@admin.us R2(conf-ssh-pubkey-data)#exit R2(conf-ssh-pubkey-user)#^Z
- Verify
R2#show run | section ssh ip ssh rsa keypair-name SSH ip ssh version 2 ip ssh pubkey-chain username pipi key-hash ssh-rsa C20B739F2645D6850C591C6A11780CB5 tech@admin.us