Tuesday, September 8, 2009

Setting Up SSH on a Cisco Router

In this post I'll demonstrate how to configure SSH on a cisco router.


Below are the commands I used to name the router and provide a domain name. These details are required rior to generating the key. I then generate a 2048 bit RSA key (this took abolut 10 minutes, I should have done 1024). Following the key creation I configure SSH to have a 60 minute timeout, to use SSH version 2 and to exit after 3 failed login attempts. Finally I assign SSH and Telnet (for backup) to my VTY ports and create a user called Bob.


Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#ip domain-name home.local
R1(config)#crypto key generate rsa general-keys modulus 2048
The name for the keys will be: R1.home.local
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#ip ssh time-out 60
R1(config)#ip ssh authentication-retries 3
R1(config)#ip ssh version 2
R1(config)#line vty 0 4
R1(config-line)#transport input ssh telnet
R1(config-line)#exit
R1(config)#aaa new-model
R1(config)#username bob password 0 cisco
R1(config)#exit



I use Putty to connect with SSH and I'm presented with a dialogue to accept the certificate as shown below.



I then log in with my bob credentials.



And a quick packet capture shows me that I am encrypting my traffic with SSH.


No comments: