Cisco SSH configuration
Authentication
To configure SSH on the switch we will need to configure first AAA (Authentication, Authorization and Accounting) in the switch using the following commands.
To configure AAA and a user in the local database
aaa new-model
username randomuser password randompasswdThe aaa new-model command will modify the default settings for authentication and will force the usage of the local database for authenticating the user in case of no other AAA statements. (I will concentrate at this moment in just configuration of authentication using the local database but may be in the future I will extend the tutorial to include authentication using a RADIUS or TACACS+ server plus the local database).
At this point it will be a good idea to test that the authentication works before we move to the configuration of SSH.
SSH configuration
Before we generate the crypto key for the switch we will need to specify the domain name of the switch just in case we don’t have in place.
ip domain-name wisekuma.netTo generate the crypto key to use with SSH
(config-t)#crypto key generate rsa
The name for the keys will be: switch.wisekuma.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024Or you can use also the command
crypto key generate rsa modulus 1024With the crypto key generated we can configure some of the specific settings for SSH
To allow only version 2 of ssh
ip ssh version 2To specify the time out once a session is finished in case of inactivity
ip ssh time-out 60The number of retries to login to the switch.
ip ssh authentication-retries 3The last thing to do having configured SSH in the switch is to just allow only SSH connections to the switch (no need of access through telnet while having SSH).
line vty 0 15
transport input sshTags: cisco, configuration, ssh
- Permalink
- Alberto Diaz
- 14 Mar 2009 12:34 PM
- Comments (0)
