How to configure SSH (Secure Shell) remote login on a Cisco router
Copyright (c) 2008 Don R. Crawley

Before SSH was introduced in Cisco IOS, the only remote login protocol was Telnet. Although quite functional, Telnet is an insecure protocol: the entire session, including authentication, travels in plain text and is therefore exposed to sniffing. SSH is both a protocol and an application that replaces Telnet and provides an encrypted connection for remote administration of a Cisco network device such as a router, switch, or security appliance. Cisco IOS includes both an SSH server and an SSH client. This document covers only the configuration of the SSH server component.

Prerequisites

Software

The SSH server component requires an IPSec (DES or 3DES) encryption software image from Cisco IOS Release 12.1(1)T or later installed on your router. Advanced IP Services images include the IPSec component. This document was written using c2800nm-advipservicesk9-mz.123-14.T5.bin.

Pre-configuration

You must configure a host name and a domain name on your router. For example:

router#
router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)# hostname router01
router01(config)# ip domain-name soundtraining.net

In addition, you must generate an RSA key pair for your router, which automatically enables SSH. In the following example, note that the key is named after the combination of host name and domain name configured previously. The modulus determines the key length. Cisco recommends a minimum key length of 1024 bits (even though the default is 512 bits). That was the recommendation when this was written in 2008; current practice is a 2048-bit modulus, which newer IOS releases support.

router01(config)#
router01(config)# crypto key generate rsa
The name for the keys will be: router01.soundtraining.net
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...
[OK]

Finally, you need either an AAA server, such as a RADIUS or TACACS+ server, or a local user database on the router to authenticate remote users, and you must enable authentication on the terminal lines. For the purposes of this document, we create a local user database on the router. In the following example, the user "donc" is created with privilege level 15 (the maximum) and an encrypted password of "p@ss5678". (The "secret" keyword followed by "0" tells the router to encrypt the clear-text password that follows; with the plain "password" keyword, the password would be readable in the router's running configuration.) We also use line configuration mode to tell the router to use its local user database for authentication ("login local") on terminal lines 0 to 4.

router01(config)# username donc privilege 15 secret 0 p@ss5678
router01(config)# line vty 0 4
router01(config-line)# login local

Enabling SSH

To enable SSH, you must tell the router which key pair to use. Optionally, you can also set the SSH version (the default is SSH version 1 with SSHv2 compatibility), the authentication timeout, and a few other parameters. In the following example, we tell the router to use the previously generated key pair and to accept SSH version 2 only:

router01(config)#
router01(config)# ip ssh version 2
router01(config)# ip ssh rsa keypair-name router01.soundtraining.net

You can now log on to your router securely with an SSH client such as TeraTerm SSH.

Viewing SSH configurations and connections

Use the privileged mode commands "show ip ssh" and "show ssh" to view the SSH configuration and the current SSH connections (if any). In the following example, the SSH configuration of a Cisco 871 router is displayed with "show ip ssh", and a single SSHv1 connection is shown with "show ssh". Note that SSHv2 was not explicitly enabled on this router, so it runs in the default compatibility mode: the version "1.99" reported by "show ip ssh" means the server accepts both SSHv1 and SSHv2 clients. Also note in the output of "show ssh" that the SSH version 1 session defaults to 3DES. SSHv2 supports AES, a more robust and efficient cipher.

SSHv2 is not subject to the known vulnerabilities of SSHv1. soundtraining.net recommends using SSHv2 and turning off the fallback to SSHv1; enabling SSHv2 with "ip ssh version 2" disables SSHv1. This example is included only to show backward compatibility:

router04#
router04# show ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
router04#
router04# show ssh
Connection Version Encryption State Username
2 1.5 3DES Session started donc
%No SSHv2 server connections running.
router04#

You can use the command "debug ip ssh" to troubleshoot SSH configurations.
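The steps above (host name, domain name, RSA key, local user, "login local", SSHv2, key pair name) are easy to get partly right, and the router will still accept SSH while quietly leaving SSHv1 or Telnet enabled. The following script is an added example, not part of the original article, that audits a saved running-config together with "show ip ssh" output for each of those points. The config text and command output in it are constructed samples, not captures from the article's routers. Two checks go beyond the page: a 2048-bit minimum modulus (current practice; the 2008 text says 1024) and "transport input ssh" on the vty lines, without which Telnet remains open. The "Modulus Size" line is printed by newer IOS releases only, which the script treats as an assumption and reports when it is absent.

```python
"""Audit a Cisco IOS running-config and 'show ip ssh' output for the SSH
setup described above. Added example; config and output are constructed."""
import re

# Assumption beyond the 2008 article (which says 1024): require 2048 bits today.
MIN_MODULUS_BITS = 2048

VTY_RE = re.compile(r"^line vty \d+ \d+$")
USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (secret|password) (?:\d )?\S+$")


def parse_running_config(text):
    """Collect the SSH-relevant lines. Top-level lines are matched exactly;
    indented lines are only inspected inside 'line vty' blocks."""
    cfg = {"hostname": None, "domain_name": None, "users": [],
           "ssh_version": None, "keypair_name": None,
           "vty_login_local": False, "vty_transport": None}
    in_vty = False
    for line in text.splitlines():
        line = line.rstrip()
        if not line.startswith(" "):            # a new top-level command
            in_vty = bool(VTY_RE.match(line))
        if in_vty:
            body = line.strip()
            if body == "login local":
                cfg["vty_login_local"] = True
            elif body.startswith("transport input "):
                cfg["vty_transport"] = body[len("transport input "):]
            continue
        m = re.match(r"^hostname (\S+)$", line)
        if m:
            cfg["hostname"] = m.group(1)
        m = re.match(r"^ip domain[- ]name (\S+)$", line)
        if m:
            cfg["domain_name"] = m.group(1)
        m = USER_RE.match(line)
        if m:  # (name, privilege level, stored with 'secret' rather than 'password')
            cfg["users"].append((m.group(1), int(m.group(2) or 1), m.group(3) == "secret"))
        m = re.match(r"^ip ssh version (\d)$", line)
        if m:
            cfg["ssh_version"] = m.group(1)
        m = re.match(r"^ip ssh rsa keypair-name (\S+)$", line)
        if m:
            cfg["keypair_name"] = m.group(1)
    return cfg


def parse_show_ip_ssh(text):
    """'1.5' = SSHv1 only, '1.99' = accepts v1 and v2, '2.0' = SSHv2 only.
    'Modulus Size' is only present on newer IOS (assumption), so it may be None."""
    out = {"enabled": False, "version": None, "modulus_bits": None}
    m = re.search(r"SSH (Enabled|Disabled)\s*-\s*version (\S+)", text)
    if m:
        out["enabled"] = m.group(1) == "Enabled"
        out["version"] = m.group(2)
    m = re.search(r"Modulus Size\s*:\s*(\d+) bits", text)
    if m:
        out["modulus_bits"] = int(m.group(1))
    return out


def audit(running_config, show_ip_ssh):
    """Return a list of (check, passed, detail) tuples, one per article step."""
    cfg = parse_running_config(running_config)
    ssh = parse_show_ip_ssh(show_ip_ssh)
    secret_users = [u for u, _, uses_secret in cfg["users"] if uses_secret]
    bits, transport = ssh["modulus_bits"], cfg["vty_transport"]
    return [
        ("hostname configured", cfg["hostname"] is not None, cfg["hostname"]),
        ("domain name configured", cfg["domain_name"] is not None, cfg["domain_name"]),
        ("ssh server enabled (rsa key present)", ssh["enabled"], ssh["version"]),
        # '1.99' means SSHv1 clients are still accepted; require both config and status.
        ("sshv2 only", cfg["ssh_version"] == "2" and ssh["version"] == "2.0", ssh["version"]),
        ("rsa modulus >= %d bits" % MIN_MODULUS_BITS, bits is not None and bits >= MIN_MODULUS_BITS,
         bits if bits else "not reported; check 'show crypto key mypubkey rsa'"),
        ("local user stored with 'secret'", bool(secret_users), [u for u, _, _ in cfg["users"]]),
        ("vty lines use 'login local'", cfg["vty_login_local"], cfg["vty_login_local"]),
        # Beyond the article: without this, Telnet stays enabled on the vty lines.
        ("vty lines accept ssh only", transport == "ssh", transport),
    ]


def failed_checks(findings):
    return [name for name, passed, _ in findings if not passed]


# Constructed sample: the router after the pre-configuration step, but with a
# 'password' user, SSH left in compatibility mode and Telnet still allowed.
WEAK_CONFIG = """\
hostname router01
!
ip domain-name soundtraining.net
!
username donc privilege 15 password 0 p@ss5678
!
line vty 0 4
 login local
!
end
"""
WEAK_SHOW_IP_SSH = """\
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
"""

# Constructed sample of the hardened state (hash value is made up).
HARDENED_CONFIG = """\
hostname router01
!
ip domain-name soundtraining.net
ip ssh version 2
ip ssh rsa keypair-name router01.soundtraining.net
!
username donc privilege 15 secret 5 $1$xyz$constructedhashvalue
!
line vty 0 4
 login local
 transport input ssh
!
end
"""
HARDENED_SHOW_IP_SSH = """\
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Modulus Size : 2048 bits
"""

if __name__ == "__main__":
    for label, cfg, show in (("weak", WEAK_CONFIG, WEAK_SHOW_IP_SSH),
                             ("hardened", HARDENED_CONFIG, HARDENED_SHOW_IP_SSH)):
        print(label, "failed:", failed_checks(audit(cfg, show)))
```

Run it against the text of "show running-config" and "show ip ssh" saved from a router; the weak sample fails the SSHv2-only, modulus, "secret" and SSH-only-transport checks, while the hardened sample passes all of them. The parser deliberately matches only exact top-level commands and the vty block, so an unexpected IOS syntax shows up as a failed check rather than a silent pass.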
The author is with soundtraining.net, a Seattle training firm that specializes in accelerated, task-oriented training for IT professionals. He works with IT professionals to improve their work, lives and careers. For more information on learning opportunities with soundtraining.net, see the company's website.