Enabling Secure access with SSH
From Peter Pap's Technowiki
Latest revision as of 03:53, 21 September 2010
To enable SSH access to a switch, you first need to make sure you have an IOS crypto image installed on the switch. I usually do not configure SSH or telnet on my switches. Being a paranoid Sys Admin, I prefer my switches to only be accessible from a console switch, on a secure management network. That being said, it's sometimes handy to have SSH enabled on a switch. Here's how you do it.
1. Set a hostname and default domain
conf t
hostname somehostname
ip domain-name somedomain.com
2. Generate the crypto keys
cry key generate rsa
When prompted for the modulus size, choose 1024 minimum!
3. Set SSH parameters
ip ssh time-out 60
ip ssh authentication-retries 2
4. Create a username and password to log on with
aaa new-model
aaa authentication login local_auth local
username someuser secret somepassword
5. Enable SSH and disable telnet
line vty 0 4
 login authentication local_auth
 transport input ssh
line vty 5 15
 transport input ssh
 login authentication local_auth
end
6. Write your changes to flash
wr mem
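To confirm that step 5 covered every vty range, the saved configuration can be checked offline. The script below is an added example, not part of the original page: it reads the text of a running-config and reports any "line vty" stanza that is not SSH-only or has no "login authentication" line. The function name audit_vty and the sample configuration are constructed for illustration, and a stanza with no "transport input" line is reported because the default differs between IOS releases.

```python
import re

# Constructed sample: vty 0-4 follows the steps above, vty 5-15 was missed.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login local_auth local
line vty 0 4
 login authentication local_auth
 transport input ssh
line vty 5 15
 transport input telnet ssh
!
end
"""

def audit_vty(config):
    """Return (stanza, problem) pairs for vty stanzas that are not locked down."""
    findings, stanza, settings = [], None, {}

    def close():
        # Evaluate the stanza that just ended, if it was a vty stanza.
        if stanza is None:
            return
        transport = settings.get("transport")
        if transport is None:
            findings.append((stanza, "no 'transport input' line"))
        elif transport != ["ssh"]:
            findings.append((stanza, "transport input allows: " + " ".join(transport)))
        if "login" not in settings:
            findings.append((stanza, "no 'login authentication' line"))

    for raw in config.splitlines():
        line = raw.rstrip()
        if line and not line[0].isspace():  # unindented line starts a new stanza
            close()
            stanza = line if re.match(r"line vty \d+( \d+)?$", line) else None
            settings = {}
        elif stanza:
            words = line.split()
            if words[:2] == ["transport", "input"]:
                settings["transport"] = words[2:]
            elif words[:2] == ["login", "authentication"]:
                settings["login"] = words[2:]
    close()
    return findings

if __name__ == "__main__":
    for stanza, problem in audit_vty(SAMPLE_CONFIG):
        print(stanza + ": " + problem)
```
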