So let's hop on to a router and configure it :)
Before we enable and configure SSH access, note two prerequisites: the router needs a hostname other than the default "Router", and it needs a domain name configured, because the RSA key pair is named after both. SSH uses TCP port 22.
Router(config)#hostname Deepak
Deepak(config)#ip domain-name deepak.com
Deepak(config)#crypto key generate rsa general-keys
The name for the keys will be: Deepak.deepak.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: Just hit enter here
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
Deepak(config)#
*Mar 1 00:03:13.563: %SSH-5-ENABLED: SSH 1.99 has been enabled
The next step is to allow the SSH protocol on the vty lines for access.
Deepak#configure terminal
Deepak(config)#line vty 0 4
Deepak(config-line)#transport input ssh
Now let's move on to the last few steps: creating a local user database and enabling local authentication on the router.
Deepak(config)#username deepak password deepak
Deepak(config)#line vty 0 4
Deepak(config-line)#login local
Deepak(config-line)#exit
Now just hop on to the client router and use the following command for SSH access.
Test#ssh -l deepak 1.1.1.1 (1.1.1.1 is just the IP address of the destination router we need to access)
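An added example (not part of the original post): a small Python check that reads a capture of the session above and flags the settings a reviewer would question, including the 512-bit modulus and the SSH 1.99 log line, which means SSHv1 is still accepted alongside SSHv2. The finding names, the `MIN_RSA_BITS` floor and the sample capture are assumptions constructed for illustration.

```python
import re

# Constructed capture: the setup session from this post reduced to the lines
# an audit needs (key-generation output, the SSH log line, resulting config).
SAMPLE = """\
hostname Deepak
ip domain-name deepak.com
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
*Mar 1 00:03:13.563: %SSH-5-ENABLED: SSH 1.99 has been enabled
username deepak password deepak
line vty 0 4
 transport input ssh
 login local
"""

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value set by the post

def audit(text):
    """Return sorted finding codes for an IOS config/session capture."""
    findings = set()
    bits = re.findall(r"Generating (\d+) bit RSA keys", text)
    if bits and int(bits[-1]) < MIN_RSA_BITS:
        findings.add("weak-rsa-modulus")
    # 1.5 = SSHv1 only, 1.99 = v1 and v2 both accepted, 2.0 = v2 only
    versions = re.findall(r"%SSH-5-ENABLED: SSH (\d+\.\d+)", text)
    if versions and versions[-1] != "2.0":
        findings.add("sshv1-accepted")
    if not re.search(r"^ip ssh version 2\s*$", text, re.M):
        findings.add("ssh-version-not-pinned")
    # "username X password ..." is stored in clear or as reversible type 7
    for name, pw in re.findall(r"^username (\S+) .*?password (?:\d+ )?(\S+)", text, re.M):
        findings.add("user-password-not-hashed")
        if pw == name:
            findings.add("password-equals-username")
    # A vty block with no transport line is flagged too: the default varies by release
    for m in re.finditer(r"^line vty [^\n]*\n((?: [^\n]*\n?)*)", text, re.M):
        body = m.group(1)
        transport = re.search(r"^ transport input (.+)$", body, re.M)
        if not transport or transport.group(1).split() != ["ssh"]:
            findings.add("vty-allows-non-ssh")
        if not re.search(r"^ login local\s*$", body, re.M):
            findings.add("vty-no-local-login")
    return sorted(findings)

if __name__ == "__main__":
    for code in audit(SAMPLE):
        print(code)
```

Each finding maps to one IOS change: regenerate the key with a larger modulus, add `ip ssh version 2`, and create the user with `secret` instead of `password`.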
2 comments:
Hi Deepak,
Is a 512-bit RSA general key sufficient to enable SSH version 2?
The Cisco doc says you require a minimum 768-bit RSA key to enable SSH version 2.
And I did try with a 512-bit key; the prompt says %SSH-5-ENABLED: SSH 1.5 has been enabled
Just a question ...
Regards,
M
There are two considerations over here:
1. A bigger key means more security but also more overhead on the CPU, since the SSH connection will be control plane traffic, which hits the device CPU
2. SSHv2 is preferred these days over SSHv1