• Cisco SSH lab--with configuration script-2019.11.19


    Cisco SSH lab

     

     
    ① Configure the hostname and domain name
     
    This comes first because the RSA key pair is generated from the hostname and the domain name.
     
    Router(config)#host Server
    Server(config)#ip domain name cisco.com
     
     
     
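    ② Generate the RSA key pair
     
    Once the RSA key pair has been generated, the SSH service is enabled automatically; without it, the service is disabled automatically. To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the RSA key pair is deleted, the SSH server is disabled automatically.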
     
    Server(config)#crypto key generate rsa
    The name for the keys will be: Server.test.com
    Choose the size of the key modulus in the range of 360 to 4096 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.
     
    How many bits in the modulus [512]: 2048 //set the key length
    % Generating 2048 bit RSA keys, keys will be non-exportable...
    [OK] (elapsed time was 7 seconds)
    Server(config)#
    *May 2 09:50:12.583: %SSH-5-ENABLED: SSH 1.99 has been enabled //SSH is enabled automatically
     
     
     
     
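    ③ Configure the username and password
     
    Server(config)#username cisco privilege 0 secret cisco //if privilege here is not 0, the SSH session enters privileged mode automatically (no enable command and no enable password needed)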
     
     
     
    ④ Configure the enable password
     
    Server(config)#enable secret cisco
     
     
    ⑤ Configure the vty lines
     
    Server(config)#line vty 0 4
    Server(config-line)#exec-timeout 10 0
    Server(config-line)#logging synchronous
    Server(config-line)#login local
    Server(config-line)#transport input ssh
     
     
     
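    ⑥ Other SSH settings
     
    Server(config)#ip ssh time-out 120 //SSH timeout
    Server(config)#ip ssh authentication-retries 2 //number of failed SSH authentication attempts allowed
    Server(config)#ip ssh version 2 //SSH version
    Server(config)#ip ssh source-interface fastEthernet 0/0 //specify the interface (a VLAN interface also works); once an interface is specified, the other interfaces on the device can no longer be reached over SSH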
     
     
     
    3. Test the login
     
    Note: when using the ssh command on a Cisco device you must specify the user (if no username is configured locally)
    Client#ssh -l admin 12.1.1.2
    Password:
    Server>en
    Password:
    Server#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Server(config)#end
    Server#conf t
     
     
    The configuration commands are shown below
     
     
     
     
     
    R1#show run
    Building configuration...
     
    Current configuration : 1326 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname SERver
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$9Oza$98c.gUgAsPYe3uHylits1/
    !
    no aaa new-model
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    ip domain name cisco.com
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    username cisco privilege 15 password 0 cisco
    username ssh secret 5 $1$6Znv$9Z9cJJoDHy2ooYdiHlUsX/
    archive
    log config
    hidekeys
    !
    !
    !
    !
    ip tcp synwait-time 5
    ip ssh time-out 30
    ip ssh source-interface FastEthernet0/0
    !
    !
    !
    !
    interface Loopback0
    ip address 192.168.1.1 255.255.255.0
    !
    interface FastEthernet0/0
    ip address 10.1.12.1 255.255.255.0
    ip ospf network point-to-point
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    router ospf 1
    router-id 1.1.1.1
    log-adjacency-changes
    network 10.1.12.1 0.0.0.0 area 0
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    login local
    transport input ssh
    !
    !
    end
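
An added example, not part of the original post: a small Python check that reads a saved running-config and flags where it departs from steps ① to ⑥. Run on a constructed excerpt of the config above, it reports that `ip ssh version 2` is absent (so the SSH 1.99 compatibility mode seen in the log still applies) and that user cisco has privilege 15 with a `password` rather than a `secret`. The function names and finding codes are made up for this example, and the vty check assumes `no aaa new-model` as in the config above.

```python
import re

# Constructed sample: trimmed excerpt of the running-config printed above
# (hash replaced by a placeholder, unrelated lines dropped).
SAMPLE = """\
username cisco privilege 15 password 0 cisco
username ssh secret 5 <hash-placeholder>
ip ssh source-interface FastEthernet0/0
line con 0
exec-timeout 0 0
line vty 0 4
login local
transport input ssh
end
"""

USER_RE = re.compile(r"username (\S+)(?: privilege (\d+))? (password|secret) \d+ ")

def line_blocks(lines):
    """Group the commands under each 'line ...' header; '!' or 'end' closes a block."""
    blocks, current = {}, None
    for ln in lines:
        if ln.startswith("line "):
            current = blocks.setdefault(ln, [])
        elif ln in ("!", "end"):
            current = None
        elif current is not None:
            current.append(ln)
    return blocks

def audit(config):
    """Return (code, subject) findings for the SSH-related settings."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    found = []
    if "ip ssh version 2" not in lines:
        found.append(("sshv1-accepted", "ip ssh version 2 missing"))
    for m in filter(None, map(USER_RE.match, lines)):
        user, priv, keyword = m.groups()
        if keyword == "password":  # type 0 is cleartext, type 7 is reversible
            found.append(("reversible-password", user))
        if priv == "15":           # SSH login lands in privileged EXEC
            found.append(("priv15-login", user))
    for header, cmds in line_blocks(lines).items():
        if header.startswith("line vty"):
            if "transport input ssh" not in cmds:
                found.append(("vty-not-ssh-only", header))
            if "login local" not in cmds:  # assumes 'no aaa new-model'
                found.append(("vty-no-local-login", header))
    return found
```

Call `audit()` with the text of a saved `show run`; an empty list means none of these checks fired.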
     
     
  • Original article: https://www.cnblogs.com/user-ldl/p/11888640.html
Copyright © 2020-2023  润新知