Sunday, September 12, 2010

Quick review: how to enable SSH on a Cisco router

Here are the steps you need to follow to enable SSH.
All commands are entered in config mode:

1- hostname ...

2- ip domain-name ...

3- username .... password

4- crypto key generate rsa

5- ip ssh authentication-retries

6- ip ssh version

7- line vty 0 4
login local
transport input none
transport input ssh

8- save your work.


Example from my router:

conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#hostname SSHSERVER
SSHSERVER(config)#ip domain-name CCIE
SSHSERVER(config)#username BERTRAND password r3
SSHSERVER(config)#crypto key generate rsa
% You already have RSA keys defined named SSHSERVER.CCIE.
% Do you really want to replace them? [yes/no]: y
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]:
Mar 1 01:31:52.676: %SSH-5-DISABLED: SSH 2.0 has been disabled
1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Mar 1 01:32:12.172: %SSH-5-ENABLED: SSH 2.0 has been enabled
SSHSERVER(config)#
SSHSERVER(config)#ip ssh version 2
SSHSERVER(config)#ip ssh authentication-retries 3
SSHSERVER(config)#line vty 0 4
SSHSERVER(config-line)#login local
SSHSERVER(config-line)#transport input none
SSHSERVER(config-line)#transport input ssh
SSHSERVER(config-line)#^Z
SSHSERVER#wr
Building configuration...

access_server#7
% 7 is not an open connection
access_server#6
[Resuming connection 6 to sw1 ... ]

SW1#ssh -l BERTRAND 172.16.50.1 3

Password:

Password:

SSHSERVER>sh ssh
Connection Version Mode Encryption Hmac State Username
66 1.99 IN aes128-cbc hmac-sha1 Session started BERTRAND
66 1.99 OUT aes128-cbc hmac-sha1 Session started BERTRAND
%No SSHv1 server connections running.
SSHSERVER>exit

[Connection to 172.16.50.3 closed by foreign host]
SW1#
