Saturday 12 May 2012

Setting Up SSH on Cisco Devices (Routers and Switches, etc.)


In this post I'll demonstrate how to configure SSH on a Cisco router.

Below are the commands I used to name the router and provide a domain name. These details are required prior to generating the key. I then generate a 2048-bit RSA key (this took about 10 minutes, I should have done 1024). Following the key creation I configure SSH to have a 60 minute timeout, to use SSH version 2 and to exit after 3 failed login attempts. Finally I assign SSH and Telnet (for backup) to my VTY ports and create a user called XcessL.

Configuration of SSH on the Router:

Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#ip domain-name home.local
R1(config)#crypto key generate rsa general-keys modulus 2048
The name for the keys will be: R1.home.local
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#ip ssh time-out 60
R1(config)#ip ssh authentication-retries 3
R1(config)#ip ssh version 2
R1(config)#line vty 0 4
R1(config-line)#transport input ssh telnet
R1(config-line)#exit
R1(config)#aaa new-model
R1(config)#username xcessl password 0 cisco
R1(config)#exit
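
An added example (not part of the original post): a small Python check that audits an IOS-style configuration for the settings this session touches, flagging Telnet left enabled on the VTY lines, type 0 or type 7 password storage, and a missing "ip ssh version 2". The sample configuration is constructed from the commands above; its saved-config layout and the function name audit_ssh_config are assumptions.

```python
import re

# Constructed sample: the settings from the session above as they would
# appear in a saved configuration (the layout is an assumption).
SAMPLE_CONFIG = """\
hostname R1
ip domain-name home.local
aaa new-model
username xcessl password 0 cisco
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh version 2
line vty 0 4
 transport input ssh telnet
"""

def audit_ssh_config(text):
    """Return a list of finding strings for an IOS-style configuration."""
    findings = []
    lines = text.splitlines()
    if not any(re.match(r"ip ssh version 2\s*$", ln) for ln in lines):
        findings.append("ssh-version: 'ip ssh version 2' not set")
    for ln in lines:
        # Type 0 is stored in cleartext, type 7 is reversible obfuscation.
        m = re.match(r"username (\S+) password (\d)\b", ln)
        if m and m.group(2) in ("0", "7"):
            findings.append(f"weak-password-storage: user {m.group(1)} type {m.group(2)}")
    # Collect 'transport input' per VTY block; child lines are indented.
    current, transports = None, {}
    for ln in lines:
        if ln.startswith("line "):
            current = ln.strip() if ln.startswith("line vty") else None
            if current:
                transports[current] = None
        elif current and ln.startswith(" "):
            m = re.match(r"\s+transport input (.+)$", ln)
            if m:
                transports[current] = m.group(1).split()
        elif not ln.startswith(" "):
            current = None
    for block, protos in transports.items():
        if protos is None:
            findings.append(f"vty-transport: {block} has no explicit 'transport input'")
        elif set(protos) & {"telnet", "all"}:
            findings.append(f"telnet-enabled: {block} allows {' '.join(protos)}")
    return findings
```

Run against the sample, the check reports the cleartext password for xcessl and the Telnet fallback on line vty 0 4; both findings clear when the user is defined with a hashed secret and the VTY lines accept SSH only.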

Configuration of SSH on the Client Machine through PuTTY (SSH Software)

I use PuTTY to connect with SSH and I'm presented with a dialogue to accept the certificate as shown below.


I then log in with my xcessl credentials.


And a quick packet capture shows me that I am encrypting my traffic with SSH.

