Enable SSH without using AAA

Scenario:

You want to enable SSH access to manage a Cisco device, but don’t want to use AAA.

Solution:

First, make sure a local username and password are defined on the device:

Router(config)# username admin password cisco

Second, generate a general-use RSA key for the SSH encryption:

Router(config)# crypto key generate rsa general-keys exportable

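This message will appear next. Enter one of the three common values at the prompt: 512, 1024 or 2048. Note that SSH version 2, which is enabled in a later step, requires a key modulus of at least 768 bits.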

Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]:
% Generating 512 bit RSA keys ...[OK]

Next, set SSH to use version 2:

Router(config)# ip ssh version 2

Configure the vty lines, which are used when accessing the device:

Router(config)# line vty 0 4

Important next step: tell the router to authenticate using local authentication, otherwise login will fail:

Router(config-line)# login local

Configure the lines to accept only SSH logins, which effectively disables access to the device via Telnet:

Router(config-line)# transport input ssh
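One way to check a device's configuration against the steps above, as an added example that is not part of the original post: the Python function below parses running-config text and reports every step that is missing. The sample configuration is constructed, and its `line vty 5 15` block is an assumption, included to show that vty lines outside the `0 4` range need the same settings.

```python
import re

# Constructed sample running-config (not from a real device). Lines vty 0-4
# follow the steps on this page; the assumed vty 5-15 block does not.
SAMPLE_CONFIG = """\
hostname Router
username admin password 0 cisco
ip ssh version 2
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def audit_ssh_config(config):
    """Return a list of findings; an empty list means every step is present."""
    lines = config.splitlines()
    findings = []
    if not any(re.match(r"username \S+ .*\b(password|secret) ", l) for l in lines):
        findings.append("no local username defined")
    if not any(l.strip() == "ip ssh version 2" for l in lines):
        findings.append("ip ssh version 2 not set")
    # Group the indented sub-commands under each "line vty" block.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line vty "):
            current = l.strip()
            blocks[current] = []
        elif current and l.startswith(" "):
            blocks[current].append(l.strip())
        else:
            current = None  # any other top-level line ends the block
    if not blocks:
        findings.append("no vty lines found")
    for name, cmds in blocks.items():
        if "login local" not in cmds:
            findings.append(f"{name}: login local missing")
        # Anything other than exactly "transport input ssh" is reported.
        if [c for c in cmds if c.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{name}: transport input ssh not set")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG):
        print(finding)
```
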

Author Info:

Scott is a Senior Network Engineer at a healthcare-related company in Nashville, TN. When he is not trying to secure a network or come up with a design for a new project, he enjoys spending time with his family. You can find out more at: http://www.scottp.net
