Here are the steps required to install SSH on a Cisco Router:
First, you need to determine whether you have the required IOS: images with "K9" in the name will do. Not all routers support SSH. I am using the 2600 series.
Second, log in to your router and give it a hostname with:
hostname R1
You will also need to configure a domain name:
ip domain name your-domain.com
Then use ip ssh to change the version to 2 if possible. You will not always be able to rely on SSH v2, but even version 1 will provide substantially better protection than Telnet:
ip ssh version 2
Once you have that done, go ahead and enter:
crypto key generate rsa
You then have the option to choose how many bits the keys will be, anywhere between 360 and 2048. I chose 1024 since it is very secure and the router can create the key quickly. The default is 512.
Then the final step. Create a user for ssh login and secure the vty lines:
username username privilege 15 password yoursupersecretpassword
R1(config)#line vty 0 ?
<1-181> Last Line number
<cr>
R1(config)#line vty 0 181
R1(config-line)#login local
R1(config-line)#transport input ssh
R1(config-line)#exit
R1(config)#exit
That is pretty much it! You can now log in through PuTTY or other SSH clients.
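To confirm the steps above actually took effect on every vty line, the saved running-config can be checked offline. The script below is an added example, not part of the original post: the function name audit_ssh_config and the sample configuration are assumptions made for illustration, and it goes slightly beyond the post by handling a running-config in which the vty lines appear as more than one block.

```python
import re

# Constructed sample running-config: vty 0-4 follows the post, vty 5-15 does not.
SAMPLE_CONFIG = """\
hostname R1
ip domain name your-domain.com
ip ssh version 2
username admin privilege 15 password 0 example-only
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def audit_ssh_config(config):
    """Return a list of findings; an empty list means every step was applied."""
    findings = []
    lines = config.splitlines()
    top_level = [l.strip() for l in lines if l and not l.startswith(" ")]
    required = {
        "hostname": r"hostname \S+",
        "domain name": r"ip domain[ -]name \S+",
        "SSH version 2": r"ip ssh version 2",
        "local user": r"username \S+ .*(password|secret) ",
    }
    for label, pattern in required.items():
        if not any(re.match(pattern, l) for l in top_level):
            findings.append("missing " + label)
    # Collect the indented sub-commands under each 'line vty' block.
    blocks, current = {}, None
    for l in lines:
        if not l.startswith(" "):
            current = l.strip() if l.startswith("line vty") else None
            if current:
                blocks[current] = []
        elif current:
            blocks[current].append(l.strip())
    for name, cmds in blocks.items():
        if "transport input ssh" not in cmds:
            findings.append(name + ": transport input is not ssh-only")
        if "login local" not in cmds:
            findings.append(name + ": login local not set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh_config(SAMPLE_CONFIG)))
```

A vty block with no transport input line at all is also reported, since the check requires the explicit ssh-only setting used in the post.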