Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Enabeling SSH on CISCO IOS (Quick and Easy)

advertisement 
Enabeling SSH on CISCO IOS (Quick and Easy)
Setting up SSH on Cisco Device.
We are all told that you should not use Telent for connecting to devices
because it is unsecure and all clear text. Much better is to use SSH, but it can
seem a bit of a challenge setting it all up and especially in a small network you
might not think it's worth the effort.
Below are the instructions to enable SSH on Cisco switches and routers,
apply this to the VTY lines and use a client software to connect up.
You will need:
1)
A Cisco device running a IOS that supports SSH, this means any IOS
with Crypto features. (if you have an IOS that is not crypto you can upgrade
for free as long as you keep the same feature set, ask a Cisco reseller more
about this if you need to get hold of one)
2)
A client that can support SSH such as Tera term or Putty.
First Step. We need to generate some RSA Keys. These are used by the
SSH session to encrypt the data. This requires first setting a hostname and a
domain for the Device.
Any thing in bold is commands that need to be entered.
Router(config)#hostname test (set a host name)
test(config)#ip domain-name test.com (sets the domain the keys will be
used for, this does not have to be the same as your windows AD domain,
although often it will be)
test(config)#crypto key generate rsa
The name for the keys will be: test.test.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
test(config)#
this generates keys that are 1024 bits, this is plenty of security, any more and
the performance of the device will start to suffer.
Next we need to set up a data base of local user names and and passwords.
test(config)#username Aaron privilege 15 secret Passw0rd
Setting a privilege level of 15 means you will log straight in to enable/privilege
mode, and using secret is like the enable secret password and stored more
securely.
Lastly we need to apply it to the VTY lines.
test(config)#line vty 0 15
test(config-line)#login local
test(config-line)#transport input ssh
So you are setting all VTY lines to use the local data base of usernames and
passwords we have set up above, and forcing any incoming connections to
require the SSH protocol.
test(config-line)#transport input ssh telnet (would allow both SSH and
Telenet)
Don't forget to save your work
test(config-line)#end
test#copy run start
[OK]
test#
And that's it!! Now simply get one of the SSH clients mentioned above. Enter
the IP address of the device and make sure SSH is ticked. The first time you
will be asked to confirm you wish to connect to the device.
And there you have secure Shell set up and running.
There are many features to be found within SSH and further security
measures to consider, but at least you now have a secure connection to the
device over the network.
For some more info visit the sites below.
For reference, this TechRepublic article goes into a little more detail about the
SSH versions.
http://articles.techrepublic.com.com/5100-10878_11-5875046.html
This Cisco Article goes into much more detail
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a
00800949e2.shtml
Related documents
Packet Tracer – Configuring Secure Passwords and SSH (Instructor
Packet Tracer – Configuring Secure Passwords and SSH (Instructor
11.6.1.2 Packet Tracer - Skills Integration Challenge Instructions IG
11.6.1.2 Packet Tracer - Skills Integration Challenge Instructions IG
SSH beáll
SSH beáll
Packet Tracer - Configuring SSH (Instructor Version)
Packet Tracer - Configuring SSH (Instructor Version)
Configuring SSH
Configuring SSH
adding OneID to existing SSH servers
adding OneID to existing SSH servers
Slide 1
Slide 1
network_error_connection_refused
network_error_connection_refused
E-business Website Development Lab
E-business Website Development Lab
emerging trends in socio-economic sciences and humanities in
emerging trends in socio-economic sciences and humanities in
ParticlePhysics and LHC webs
ParticlePhysics and LHC webs
Access to MIDAS AWS Twitter Data
Access to MIDAS AWS Twitter Data
USP 186/187 - Senior Sequence
USP 186/187 - Senior Sequence
Five steps to a secure login using SSH By A Guest Contributor Takeaway
Five steps to a secure login using SSH By A Guest Contributor Takeaway
Class 17
Class 17
Public Key Authentication between two Solaris Servers:
Public Key Authentication between two Solaris Servers:
Configure Basic AP security through CLI
Configure Basic AP security through CLI
Server Hardening
Server Hardening
Secure Remote Login (commands)
Secure Remote Login (commands)
SSH Installation & Configuration
SSH Installation & Configuration
Slides
Slides
Lab 9: Others
Lab 9: Others
Download
advertisement