Enabling Secure access with SSH
From Peter Pap's Technowiki
Revision as of 03:53, 21 September 2010 by Ppapa (talk | contribs) (Created page with "In order to be able to enable SSH access to a switch, you first need to make sure you have an IOS crypto image installed on the switch. I usually do not configure SSH or telnet ...")
In order to be able to enable SSH access to a switch, you first need to make sure you have an IOS crypto image installed on the switch. I usually do not configure SSH or telnet on my switches. Being a paranoid Sys Admin, I prefer y switches to only be accessible from a console switch, on a secure management network. That being said, it's sometimes handy to have SSH enabled on a switch. Here's how you do it.
1. Set a hostname and default domain
conf t hostname somehostname ip domain-name somedomain.com
2. Generate the crypto keys
cry key generate rsa
Choose 1024 minimum!
3. Set SSH parameters
ip ssh time-out 60 ip ssh authentication-retries 2
4. Create a username and password to log on with
aaa new-model aaa authentication login local_auth local username someuser secret somepassword
5. Enable SSH and disable telnet
line vty 0 4 login authentication local_auth transport input ssh
line vty 5 15 transport input ssh login authentication local_auth end
6. Write your changes to flash
wr mem