Configuring SSH on the Cisco switch

Source: Internet
Author: User
Tags modulus ssh cisco switch
iOS supports SSH for high-end products such as the 7200 series, 7500 series, and 12000 Series (GSR) in the Cisco routers product family. The iOS version of the general support SSH file name is K3 or K4 words, K3 for 56bit SSH encryption, K4 represents 168bit SSH encryption. iOS like my provincial network GSR 12016 and 12008 is a version that supports 56bit SSH encryption.

Cisco's products currently support only SSH-1 and do not support SSH-2. The following is a case of GSR 12008 for a detailed description of the configuration method for SSH-1 (italic word for configuration input commands):

① Configuring hostname and IP domain-name:

Router#configure terminal
Router (config) #hostname test-gsr12008
test-gsr12008 (config) #ip domain-name Jx.cn.net
      

② Configure the login username and password (local authentication as an example):

test-gsr12008 (config) #username Test Password 0 Test
    Note: Add a User: Test, Password: Test
test-gsr12008 (config) #line vty 0 4
      test-gsr12008 (config-line) #login Local

After the two parts are done, you can see with the show Run command:

Hostname test-gsr12008
!
Boot system flash Gsr-k3p-mz.120-14.s.bin
enable secret 5 $1$DMYW$GDSIOKCR7P8YTWCRWTNJG.
Enable password 7 094f47c31a0a
!
Username Test Password 7 0835495d1d
clock timezone PRC
redundancy main-cpu
auto-sync
Startup-config!!!!
IP subnet-zero
no ip finger
IP domain-name jx.cn.net
IP name-server 202.101.224.68
IP name-server 202.101.226.68
      !

③ Configuring the SSH service:

test-gsr12008 (config) #crypto key generate RSA the name for the
keys would be:test-gsr12008.jx.cn.net
Note: SSH's keyword name is hostname +. +ip Domain-name Choose The size of the the key modulus in the range of the 2048 of a for
your general
Purpose Keys. Choosing a key modulus greater than to take
a few minutes.
How many bits in the modulus [512]: NOTE: Choose the number of encrypted bits, with the default on the line
generating RSA keys
... [OK]
test-gsr12008 (config) #end
test-gsr12008#write
Building configuration ...
      

At this point, you can see with the show Run command:

IP subnet-zero
no ip finger
IP domain-name jx.cn.net
IP name-server 202.101.224.68
IP name-server 202.101.226.68
IP ssh time-out
ip ssh authentication-retries 3
      !

With the command show IP ssh can also be seen:

SSH enabled-version 1.5
      authentication timeout:120 secs; Authentication Retries:3

Now that the SSH service is started, if you need to stop the SSH service, use the following command:

test-gsr12008 (config) #crypto key zeroize RSA

④ setting SSH Parameters

Once SSH is configured, we see the default parameters of SSH through the show Run command: The timeout is limited to 120 seconds and the number of authentication retries is 3, which can be modified by the following command:

test-gsr12008 (config) #ip ssh {[time-out seconds]} | [Authentication-retries Interger]}

If you want to change the timeout limit to 180 seconds, you should use:

test-gsr12008 (config) # IP SSH time-out 180

If you want to change the number of retries to 5 times, you should use:

test-gsr12008 (config) # ip ssh authentication-retries 5

This way, SSH has been successfully configured on the router and is able to log in securely via SSH.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.