Configuring Secure Shell on Cisco IOS Routers
Author: Anonymous  Source: Unknown  Updated: 2007-2-11 7:51:24
Hardware and Software Versions

The information in this document is based on the software version below.

Cisco IOS 3600 Software (C3640-IK9S-M), Version 12.2(2)T1

SSH was introduced into IOS platforms/images as shown below.

SSH Version 1.0 (SSHv1) server was introduced in some IOS platforms/images starting in 12.0.5.S.
SSH client was introduced in some IOS platforms/images starting in 12.1.3.T.
SSH terminal-line access (also known as reverse-telnet) was introduced in some IOS platforms/images starting in 12.2.2.T.

[Figure 1]

Testing Authentication Without SSH:

!--- aaa new-model causes the local username/password on the router
!--- to be used in the absence of other aaa statements.
aaa new-model
username cisco password 0 cisco
line vty 0 4
!--- Instead of aaa new-model, the login local command may be used.

Testing Authentication With SSH:

ip domain-name rtp.cisco.com
!--- Generate an SSH key to be used with SSH.
cry key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2

line vty 0 4
!--- Prevent non-SSH telnets.
 transport input ssh

!--- Step 1: Configure hostname if you have not previously done so.
hostname carter
!--- aaa new-model causes the local username/password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name rtp.cisco.com
!--- Step 3: Generate an SSH key to be used with SSH.
cry key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet has been disabled and only SSH is supported.
line vty 0 4
 transport input SSH
!--- Instead of aaa new-model, the login local command may be used.
Test SSH:

ssh -l cisco -c 3des 10.13.1.99

Adding SSH Terminal-Line Access

ip ssh port 2001 rotary 1
line 1 16
 no exec
 rotary 1
 transport input ssh
 exec-timeout 0 0
 modem InOut
 Stopbits 1
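A check for the Step 1 to Step 4 settings above, run against saved configuration text. This is an added example, not part of the original document or Cisco's tooling; the function name `audit_ios_ssh`, the finding strings and the `TELNET_ONLY` sample are assumptions constructed for illustration.

```python
import re

# Global commands from the page's Steps 1-3. The RSA key itself is not stored
# in the running configuration, so it cannot be checked from config text.
REQUIRED = ("hostname", "ip domain-name", "ip ssh time-out",
            "ip ssh authentication-retries")

def audit_ios_ssh(config):
    """Return a list of findings for the SSH settings described on this page."""
    findings, seen, transports = [], set(), {}
    current = None                       # most recent "line ..." block
    for raw in config.splitlines():
        text = raw.strip()
        low = text.lower()
        if not text or text.startswith("!"):
            continue                     # blank line or "!---" comment
        if low.startswith("line "):
            current = low
            transports[current] = None   # None: no "transport input" seen
        elif low.startswith("transport input ") and current:
            transports[current] = set(low.split()[2:])
        elif re.match(r"username \S+ password 0 ", low):
            findings.append("cleartext (type 0) password for user " + text.split()[1])
        seen.update(name for name in REQUIRED if low.startswith(name + " "))
    findings += ["missing: " + name for name in REQUIRED if name not in seen]
    for name, allowed in transports.items():
        if name.startswith("line vty") and allowed != {"ssh"}:
            shown = "default (Telnet)" if allowed is None else " ".join(sorted(allowed))
            findings.append(name + ": transport input is " + shown + ", not ssh only")
    return findings

# Constructed sample: local login only, vty transport left at its default.
TELNET_ONLY = "aaa new-model\nusername cisco password 0 cisco\nline vty 0 4\n"

# The page's Step 1-4 configuration, written as saved config text.
CARTER = """hostname carter
aaa new-model
username cisco password 0 cisco
ip domain-name rtp.cisco.com
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
 transport input SSH
"""

if __name__ == "__main__":
    for label, cfg in (("TELNET_ONLY", TELNET_ONLY), ("CARTER", CARTER)):
        print(label, audit_ios_ssh(cfg))
```

The page's own configuration passes the transport checks but is still flagged for `password 0`, which stores the password unencrypted in the configuration.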
Entered by: bolang  Editor: bolang