1. Cisco basic lab and password settings
Global password:
R1# configure terminal
R1(config)# enable password XXXX
Console logon password:
Router# config terminal
Router(config)# line console 0
Router(config-line)# exec-timeout 0 0 // set the console timeout value to zero, that is, never time out. The default value is 10 minutes.
Router(config-line)# logging synchronous // keep console log messages from breaking into the command line being typed
Router(config-line)# password XXXXXX
Router(config-line)# login
Telnet password:
Router(config)# line vty 0 4 // five VTY lines (0 ~ 4)
Router(config-line)# password XXXXXX
Router(config-line)# login // you can use the no login command to tell the router that a Telnet connection without password verification is allowed.
Problems: 1. If the enable password is not set, privileged mode cannot be entered over Telnet. You can only log on through the console port.
2. Cisco SSH logon settings
Ra# config terminal
Ra(config)# ip domain-name ctocio.com.cn
// Configure a domain name
Ra(config)# crypto key generate rsa general-keys modulus 1024
// Generate an RSA key with a 1024-bit modulus
(Note: On Cisco, RSA supports 360-2048 bits. The principle of this algorithm is that the host distributes its own public key to the relevant clients. When a client accesses the host, it uses the host's public key to encrypt the data, and the host uses its own private key to decrypt the data, so as to implement host key authentication and determine the reliable identity of the client.)
Ra(config)# ip ssh time-out 120
// Set the SSH timeout to 120 seconds
Ra(config)# ip ssh authentication-retries 4
// Set the number of SSH authentication retries to 4, which can be selected between 0 and 5.
Ra(config)# line vty 0 4
// Enter vty mode
Ra(config-line)# transport input ssh
// Set the vty logon mode to SSH. By default, all logon modes are allowed.
Ra(config-line)# login
Ra(config)# aaa authentication login default local
// Enable AAA login authentication against the local user database (see problem 2 below about aaa new-model)
Ra(config)# username momo password 123
// Create a user momo and set the password to 123 for logging on from the SSH client.
Problems: 1. Why is a domain name needed for SSH configuration?
When SSH logon is configured, a 1024-bit RSA key is generated. The key name is the router's name joined with the DNS domain name.
2. During configuration, the 7200 IOS used cannot use the aaa authentication login default local command. After skipping the command, you cannot log in. aaa new-model is used to enable the new access control commands and functions (and disable the old commands).
This command is fine. After this mode is enabled, many aaa commands can be used, including the commands in the experiment. I skipped the experiment and can still log on via SSH; it seems that it is verified locally by default.
In addition, after AAA is enabled, all lines except the console are authenticated by AAA.
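
As an added example (not part of the original page and not Cisco tooling), the Python script below audits an IOS-style configuration for the settings discussed in sections 1 and 2: vty lines that still accept Telnet, no login, exec-timeout 0 0, passwords set with the password keyword, and aaa authentication without aaa new-model. The sample configuration is constructed from the commands above; the line vty 5 15 block, the function name audit and the finding texts are assumptions of this example.

```python
import re

# Constructed sample: the page's commands plus a hypothetical 'line vty 5 15' block.
SAMPLE_CONFIG = """\
enable password XXXX
username momo password 123
aaa authentication login default local
line con 0
 exec-timeout 0 0
 password XXXXXX
 login
line vty 0 4
 password XXXXXX
 login
line vty 5 15
 transport input ssh
 no login
"""

def audit(config):
    """Return a list of findings for an IOS-style config (checks chosen for this example)."""
    findings = []
    lines = config.splitlines()
    glob = [ln.strip() for ln in lines if ln and not ln.startswith(" ")]
    # IOS only accepts 'aaa authentication' once 'aaa new-model' is set (problem 2 above).
    if any(ln.startswith("aaa authentication") for ln in glob) and "aaa new-model" not in glob:
        findings.append("global: aaa authentication used without aaa new-model")
    for ln in glob:
        if (m := re.match(r"(enable|username \S+) password ", ln)):
            findings.append(f"global: {m.group(1)} password is stored cleartext or reversibly")
    # Group the indented sub-commands under their 'line ...' header.
    blocks, current = {}, None
    for ln in lines:
        if ln.startswith("line "):
            current = ln.strip()
            blocks[current] = []
        elif ln.startswith(" ") and current:
            blocks[current].append(ln.strip())
        else:
            current = None
    for header, body in blocks.items():
        if "exec-timeout 0 0" in body:
            findings.append(f"{header}: exec-timeout 0 0 (session never times out)")
        if "no login" in body:
            findings.append(f"{header}: no login (no password check)")
        if header.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{header}: Telnet not excluded (no 'transport input ssh')")
    return findings

print("\n".join(audit(SAMPLE_CONFIG)))
```

Feed it the text of a saved configuration in place of SAMPLE_CONFIG; an empty list means none of these checks fired.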