Re: SSH Configuration on Routers and Switches [7:118170]

From: Eric Leung (eric.lwc@gmail.com)
Date: Fri Feb 23 2007 - 20:02:42 ART

• Next message: Anthony Bonilla: "Re: IPSec problem using CA server"
• Previous message: Filyurin, Yan: "Summarizing IPV6 address blocks"
• Maybe in reply to: Cacca Mucca: "Re: SSH Configuration on Routers and Switches [7:118170]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Cacca,

If you are currently not using any aaa authentication, you don't need the
aaa server at the moment. Just config the router / switch as SSH server
mode.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part25/ch10/schssh.htm#wp1006447
 SSH Server

The SSH Server feature enables a SSH client to make a secure, encrypted
connection to a Cisco router. This connection provides functionality that is
similar to that of an inbound Telnet connection. Before SSH, security was
limited to Telnet security. SSH allows a strong encryption to be used with
the Cisco IOS software authentication. The SSH server in Cisco IOS software
will work with publicly and commercially available SSH clients.

2007/2/23, Cacca Mucca <caccamucca@gmail.com>:
>
> Thanks for the link and example of a config.
>
> Do I need an external authentication server or can I run the Cisco Routers
> and Switches as ssh servers?
>
>
>
> On 2/23/07, Philip Dillon <nobody@groupstudy.com> wrote:
> >
> > Cacca,
> >
> > If your Router IOS supports SSH then something like the following shown
> > below should hopefully do you. Please note anything in CAPITAL LETTERS
> > will
> > be specific for your needs (i.e Router Name and Domain Name and
> > Passwords).
> >
> > Please also note this is a basic config and may not be appropriate to
> your
> > security needs.
> >
> > en
> > config
> > hostname CISCO-ROUTER
> > ip domain name CISCO-ROUTER.COM
> > crypto key generate rsa
> >
> > At this point you should be asked for a key size (1024) is OK
> >
> > ip ssh version 2 - This command may not be supported
> > ip ssh time-out 120
> > ip ssh authentication-retries 3
> > line vty 0 4
> > login
> > password CISCO
> > transport input ssh
> > exit
> > exit
> > wr
> >
> > you can get some good information from the link below,
> >
> >
> >
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part25/ch10/schssh.pdf
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Anthony Bonilla: "Re: IPSec problem using CA server"
• Previous message: Filyurin, Yan: "Summarizing IPV6 address blocks"
• Maybe in reply to: Cacca Mucca: "Re: SSH Configuration on Routers and Switches [7:118170]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:48 ART