Enable ssh without using AAA

Scenario:

You want to enable SSH access to manage a Cisco device, but don’t want to use AAA.

Solution:

First, make sure a local username/password is defined on the device:

Router(config)# username admin password cisco

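Second, generate a general-purpose RSA key pair for SSH encryption. The exportable keyword allows the private key to be exported from the device later; leave it off if you do not need that: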

Router(config)# crypto key generate rsa general-keys exportable

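This message will appear next; enter one of the three common values at the prompt: 512, 1024, or 2048. SSH version 2 requires a key of at least 768 bits, so a 512-bit key like the one in the sample output below will not work with the version 2 step that follows.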

Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes. 

How many bits in the modulus [512]:
% Generating 512 bit RSA keys ...[OK]

Next, change SSH to use version 2:

Router(config)# ip ssh version 2

Configure the vty lines, which are used when accessing the device remotely:

Router(config)# line vty 0 4

Important next step: tell the router to authenticate using the local username database, otherwise login will fail:

Router(config-line)# login local

Configure the lines to accept only SSH logins, which effectively disables access to the device via Telnet:

Router(config-line)# transport input ssh
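The finished configuration can be checked against the steps above. The following Python script is an added example, not part of the original article; the function name audit_ssh_config and both sample configurations are constructed for illustration. It goes slightly beyond the article by checking every line vty block (not only 0 4) and by flagging usernames stored with password rather than secret.

```python
import re
# Constructed running-config excerpts (sample data, not from the original page).
COMPLETE = """\
username admin secret 5 $1$CONSTRUCTED$placeholder
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""
PARTIAL = """\
username admin password 0 cisco
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def audit_ssh_config(config):
    """Return a list of findings; an empty list means every check passed."""
    findings, usernames, vty, current, ssh_v2 = [], [], {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():  # indented sub-command; kept only inside a vty block
            vty.get(current, []).append(line)
            continue
        current = line if line.startswith("line vty") else None
        if current:
            vty[current] = []
        elif line.startswith("username "):
            usernames.append(line)
        elif line == "ip ssh version 2":
            ssh_v2 = True
    if not usernames:
        findings.append("no local username for 'login local' to check against")
    for u in usernames:
        if re.match(r"username \S+ (privilege \d+ )?password ", u):
            findings.append(f"{u.split()[1]}: 'password' form; 'secret' stores a hash")
    if not ssh_v2:
        findings.append("'ip ssh version 2' missing")
    for name, cmds in vty.items():
        if "login local" not in cmds:
            findings.append(f"{name}: 'login local' missing")
        if [c for c in cmds if c.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{name}: not restricted to 'transport input ssh'")
    return findings
```

Feed it the text of show running-config; in the PARTIAL sample, the untouched line vty 5 15 block is what still accepts Telnet.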

Author Info:

 
Scott is the Founder, Administrator, Architect, Chief Editor and Shameless Hack who wrote and runs Xpresslearn.
 

Scott has been working in the networking field for 13 years and has experience in all the areas: LAN, WAN, Security, Optimization, High Availability, Wireless, and others.

When he is not working on further development of Xpresslearn, Scott loves spending time with his family and has such hobbies as Camping, Fishing, Cars, and Woodworking.
