Difference between revisions of "Cisco configure SSH"
Jump to navigation
Jump to search
Line 24: | Line 24: | ||
transport input ssh | transport input ssh | ||
= SSH | = Configuring the Cisco IOS SSH Server to Perform RSA-Based User Authentication = | ||
This feature is only supported in IOS 15.0(1)M and later versions. | |||
The below need to be reworked..........WIP......... | |||
Paste your public key | Paste your public key | ||
R2#conf t | R2#conf t |
Revision as of 23:05, 10 November 2013
Prerequisites
The Cisco IOS image used must be a k9(crypto) image in order to support SSH.
Configure using aaa new-model
!--- The aaa new-model command causes the local username and password on the router !--- to be used in the absence of other AAA statements. aaa new-model username cisco password 0 cisco !--- Instead of aaa new-model, you can use the login local command. !--- assign domain name to the router/switch, this will be used to sign off SSH key ip domain-name rtp.cisco.com ip ssh version 2 ip ssh port 22 !--- Generate an SSH key to be used with SSH here 1024bit long crypto key generate rsa 1024 ip ssh time-out 60 ip ssh authentication-retries 2 line vty 0 4 !--- Prevent non-SSH Telnets. transport input ssh
Configuring the Cisco IOS SSH Server to Perform RSA-Based User Authentication
This feature is only supported in IOS 15.0(1)M and later versions.
The below need to be reworked..........WIP.........
Paste your public key
R2#conf t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#ip ssh pubkey-chain R2(conf-ssh-pubkey)#username tech R2(conf-ssh-pubkey-user)#key-string R2(conf-ssh-pubkey-data)#$AAQEA6jYlf9MBskhkWov+ZOUDKun0ExQIRj1zfWA/YciO02VS R2(conf-ssh-pubkey-data)#$XsxM7SqNkRSQOR7y7HBMoxTHV7o+R/uS6A8/mF0A3P/ScRjct R2(conf-ssh-pubkey-data)#$JrNGACGaFy1njD9PrrvrU4o4hx6XDr6xVXF4sP4OCSXIn+Cp8 R2(conf-ssh-pubkey-data)#$bCnZLmv908AeDb1Ac4nPdsn1OhCPIg6fxZjB7DvAMB8Dbr+7Y R2(conf-ssh-pubkey-data)#$apEbGE94luIqnBc61HsMd6JCWbQ== tech@admin.us R2(conf-ssh-pubkey-data)#exit R2(conf-ssh-pubkey-user)#^Z
- Verify
R2#show run | section ssh ip ssh rsa keypair-name SSH ip ssh version 2 ip ssh pubkey-chain username pipi key-hash ssh-rsa C20B739F2645D6850C591C6A11780CB5 tech@admin.us
References
- Configuring Secure Shell on Routers and Switches Running Cisco IOS
- Secure Shell Version 2 Support Last Updated: March 31st 2011, Sections: Secure Shell Version 2 Enhancements for RSA Keys & Configuring the Cisco IOS SSH Server to Perform RSA-Based User Authentication
- SSH with key authentication on Cisco IOS devices
- SSH access without password Cisco forum
- SSH Publickey accepted but still prompted for username/password? Cisco forum