RE: SSH Configuration on Routers and Switches [7:118170]

From: Andrew Hannah (Andrew.Hannah@citrix.com)
Date: Fri Feb 23 2007 - 16:07:30 ART


You can use a tacacs+ or radius server by setting aaa up,
or you will need to create local usernames.

username root password toor

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable

tacacs-server host 10.1.0.200
tacacs-server key password

This example will cause the router to contact the tacacs
server first for both login and enable. Local
username/passwords will be used if the connection fails
for any reason.

HTH

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Cacca Mucca
Sent: Friday, February 23, 2007 7:13 AM
To: Philip Dillon
Cc: cisco@groupstudy.com; ccielab@groupstudy.com
Subject: Re: SSH Configuration on Routers and Switches [7:118170]

Thanks for the link and example of a config.

Do I need an external authentication server or can I run
the Cisco Routers and Switches as ssh servers?

On 2/23/07, Philip Dillon <nobody@groupstudy.com> wrote:
>
> Cacca,
>
> If your Router IOS supports SSH then something like the following
> shown below should hopefully do you. Please note anything in CAPITAL
> LETTERS will be specific for your needs (i.e. Router Name and Domain
> Name and Passwords).
>
> Please also note this is a basic config and may not be appropriate to
> your security needs.
>
> en
> config
> hostname CISCO-ROUTER
> ip domain name CISCO-ROUTER.COM
> crypto key generate rsa
>
> At this point you should be asked for a key size (1024) is OK
>
> ip ssh version 2 - This command may not be supported
> ip ssh time-out 120
> ip ssh authentication-retries 3
> line vty 0 4
> login
> password CISCO
> transport input ssh
> exit
> exit
> wr
>
> You can get some good information from the link below,
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part25/ch10/schssh.pdf
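
Added example (not part of the original thread or of Cisco's documentation): a small Python check over running-config excerpts for the points this thread turns on, namely SSH-only vty access, per-user login versus the shared line password, and whether a `local` AAA fallback actually has a local user behind it. The `audit` function, the finding codes and both sample configs are constructed for this example, and it assumes running-config formatting in which line sub-commands are indented.

```python
import re

# Constructed running-config excerpts (sub-commands indented, as IOS prints them).
BASIC = """\
line vty 0 4
 password CISCO
 login
 transport input ssh
"""
AAA_NO_USER = """\
aaa new-model
aaa authentication login default group tacacs+ local
ip ssh version 2
line vty 0 4
 transport input telnet ssh
"""

def audit(config):
    """Return sorted finding codes for an IOS running-config excerpt."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    found = set()
    aaa = "aaa new-model" in lines
    users = [l for l in lines if l.startswith("username ")]
    # 'password' keeps a cleartext or reversible credential; 'secret' stores a hash.
    if any(re.match(r"username \S+ (privilege \d+ )?password ", u) for u in users):
        found.add("USER_PASSWORD_NOT_SECRET")
    # A method list ending in 'local' is only a fallback if a local user exists.
    lists = [l.split()[4:] for l in lines if l.startswith("aaa authentication login ")]
    if not users and any("local" in methods for methods in lists):
        found.add("LOCAL_FALLBACK_WITHOUT_USER")
    # Without this command, releases that support SSHv1 still accept it.
    if "ip ssh version 2" not in lines:
        found.add("SSH_V2_NOT_FORCED")
    # Collect the indented sub-commands of each 'line vty' block.
    blocks, cur = [], None
    for l in lines:
        if l.startswith("line vty"):
            cur = []
            blocks.append(cur)
        elif l.startswith(" ") and cur is not None:
            cur.append(l.strip())
        else:
            cur = None
    for b in blocks:
        if "transport input ssh" not in b:
            found.add("VTY_NOT_SSH_ONLY")
        # Without AAA, plain 'login' checks the shared line password, not a user.
        if not aaa and "login local" not in b:
            found.add("VTY_NO_PER_USER_LOGIN")
    return sorted(found)
```

Calling `audit()` on the text of a saved running-config returns the list of finding codes; an empty list means none of these four checks fired.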



This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:48 ART