HowTo configure SSH on a Cisco IOS Router or Switch
Written by Keith Short   
Thursday, 22 May 2008 19:12

SSH is a secure method of connecting to a router. Unlike Telnet (TCP port 23), SSH (TCP port 22) sets up a secure channel before usernames, passwords, and data are sent across the connection. It's simple to configure on the router or switch. The only caveat is that you need an SSH client installed on your workstation to connect. And if you're using Linux (well, this is LinuxDynasty after all), then you've got SSH built in!

 


So here's the configuration (these commands are entered in global configuration mode):

  1. Type "ip domain-name yourdomain.com", and press the Enter key. The domain name (yourdomain.com) is specific to your environment.
  2. Type "ip ssh time-out 20", and press the Enter key.
  3. Type "ip ssh authentication-retries 3", and press the Enter key.
  4. Type "ip ssh logging events", and press the Enter key.
  5. Type "crypto key generate rsa", and press the Enter key. You'll see this message:

          Choose the size of the key modulus in the range of 360 to 2048 for your
          General Purpose Keys. Choosing a key modulus greater than 512 may take
          a few minutes.

          How many bits in the modulus [512]:

  6. Press the Enter key to accept the default.

 Now your router or switch is ready to accept SSH connections.

------------------------------------------------------------------------------------------------------------------------------------------ 

***Optional additional configuration to lock down connections on the vty lines to SSH ONLY!***

 Type "line vty 0 4", and press the Enter key.

Type "transport input ssh", and press the Enter key.

Now even without an access list the router will not accept Telnet (TCP port 23) connections, but will accept all SSH connections.
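
An added example, not part of the original article: a Python check over a saved running-config that confirms every `line vty` block is restricted with `transport input ssh`, including any vty ranges beyond the `line vty 0 4` configured above. The sample config, the function names, and the choice to flag a block with no explicit `transport input` line are assumptions of this example.

```python
import re

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
hostname R1
ip domain-name yourdomain.com
ip ssh time-out 20
ip ssh logging events
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
!
end
"""

def vty_blocks(config):
    """Yield (first, last, [sub-commands]) for each 'line vty' block."""
    block = None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:                                  # a new vty block starts here
            if block:
                yield block
            first = int(m.group(1))
            block = (first, int(m.group(2) or first), [])
        elif block and raw.startswith(" "):    # indented sub-command of the block
            block[2].append(raw.strip())
        elif block:                            # any other line closes the block
            yield block
            block = None
    if block:
        yield block

def audit(config):
    """Return findings for a missing domain name or vty lines not limited to SSH."""
    findings = []
    if not re.search(r"^ip domain-name \S+", config, re.M):
        findings.append("no 'ip domain-name' configured")
    for first, last, cmds in vty_blocks(config):
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transports:  # assumption: an implicit default is treated as a finding
            findings.append(f"vty {first} {last}: no explicit 'transport input'")
        elif transports[-1] != ["ssh"]:
            findings.append(f"vty {first} {last}: transport input {' '.join(transports[-1])}")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports only the `vty 5 15` block, which still allows Telnet even though `vty 0 4` is locked down.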

 


Last Updated ( Friday, 23 May 2008 03:01 )