In this post I'll demonstrate how to configure SSH on a Cisco router.
***********************************************************************************
Below are the commands I used to name the router and provide a domain name. These details are required prior to generating the key. I then generate a 2048-bit RSA key (this took about 10 minutes, I should have done 1024). Following the key creation I configure SSH to have a 60 minute timeout, to use SSH version 2 and to exit after 3 failed login attempts. Finally I assign SSH and Telnet (for backup) to my VTY ports and create a user called XcessL.
Configuration of SSH on the Router:
Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#ip domain-name home.local
R1(config)#crypto key generate rsa general-keys modulus 2048
The name for the keys will be: R1.home.local
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#ip ssh time-out 60
R1(config)#ip ssh authentication-retries 3
R1(config)#ip ssh version 2
R1(config)#line vty 0 4
R1(config-line)#transport input ssh telnet
R1(config-line)#exit
R1(config)#aaa new-model
R1(config)#username xcessl password 0 cisco
R1(config)#exit
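An added example, not part of the original post: a small Python check that reads an IOS configuration like the one entered above and reports the settings that weaken the SSH setup (Telnet still accepted on the VTY lines, a type 0 cleartext user password, SSH version not pinned to 2). The function name audit_ios_config and the sample configuration text are assumptions constructed for illustration.

```python
import re

# Constructed sample: the settings entered in the post above, written the way
# they would appear in a saved configuration (sub-commands indented one space).
SAMPLE_CONFIG = """\
hostname R1
ip domain-name home.local
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh version 2
aaa new-model
username xcessl password 0 cisco
line vty 0 4
 transport input ssh telnet
"""


def audit_ios_config(text):
    """Return a list of findings for the SSH-related settings in an IOS config."""
    findings = []
    ssh_version = None
    vty = None  # the "line vty ..." block currently being read, if any

    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        # An unindented line starts a new context; indented lines belong to it.
        if not raw.startswith(" "):
            vty = stripped if stripped.startswith("line vty") else None

        m = re.match(r"ip ssh version (\d+)", stripped)
        if m:
            ssh_version = m.group(1)

        # "password 0 <text>" or a bare "password <text>" is stored unencrypted.
        m = re.match(r"username (\S+) password (.+)$", stripped)
        if m:
            parts = m.group(2).split()
            if parts[0] == "0" or len(parts) == 1:
                findings.append(f"user {m.group(1)}: password stored in cleartext")

        m = re.match(r"transport input (.+)$", stripped)
        if m and vty and {"telnet", "all"} & set(m.group(1).split()):
            findings.append(f"{vty}: Telnet allowed (logins sent in cleartext)")

    if ssh_version != "2":
        findings.append("SSH version not pinned to 2 (no 'ip ssh version 2')")
    return findings
```

Calling audit_ios_config(SAMPLE_CONFIG) returns two findings for the configuration in this post: the type 0 password for xcessl and Telnet on line vty 0 4.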
Configuration of SSH on the Client Machine through PuTTY (SSH Software)
I use PuTTY to connect with SSH and I'm presented with a dialogue to accept the certificate as shown below.
I then log in with my xcessl credentials.
And a quick packet capture shows me that I am encrypting my traffic with SSH.