Warning!! These are just basic SSH configurations made in a lab environment. In no way am I recommending these configurations! Please consult your security policies before implementing any security features across your network.
• First, the device needs a hostname and a domain name. IOS names the RSA key pair after the resulting FQDN (hostname.domain) and will not generate keys until a domain name is set:
o “ip domain-name YourDomainNameHere”
Example: ip domain-name lab.local
• Next, generate the RSA key pair (still in global configuration mode). The pair is tied to the FQDN from the previous step:
o “crypto key generate rsa”
o IOS confirms the key name it will use, built from the hostname and your domain, e.g. “The name for the keys will be: Switch1.lab.local”.
o It then asks “How many bits in the modulus [512]:” (newer releases default to 1024 or 2048). This is the RSA key size, not an “encryption level”: 512 is broken, 1024 is weak by current standards, and 2048 should be treated as the minimum (SSH version 2 itself needs at least 768). A larger modulus only slows key generation and session setup; it does not affect throughput once the session is up, because bulk data is protected by the symmetric cipher negotiated at connect time. The lab used 1024; you can skip the prompt entirely with “crypto key generate rsa modulus 2048”.
• Next, configure the VTY lines to accept SSH:
o “line vty 0 4” selects lines 0 through 4 so the following commands apply to all five at once. Many platforms have more (e.g. 0 through 15); “show line” lists them, and any you leave out keep their old settings.
o “transport input ssh” accepts SSH only. “transport input ssh telnet” (or “transport input all”) would also accept Telnet, which sends the login in cleartext and is not recommended.
o “password cisco” sets a line password (a lab value; never use it on a real device). It is only consulted when the line is set to “login” (next step) and is ignored once “login local” is in effect.
o “login” turns on password checking on the line, using that line password. The VTY default is “login” with no password set, which refuses connections with “Password required, but none set”; “no login” would let anyone in unauthenticated, so never leave a VTY that way.
o “login local” instead checks the username and password against the device’s local user database. It replaces a plain “login” (whichever is entered last is in effect) and is the one to use for SSH: an SSH client always sends a username, and “login local” is what makes that username actually checked. It requires the accounts created in the next step.
• Finally, create the local accounts that “login local” checks against:
o “username YourUserName secret YourPassword”
o Example: “username user2 secret cisco”
o “secret” stores a one-way hash of the password (type 5 MD5 on older releases; on releases that support it, “username user2 algorithm-type scrypt secret cisco” stores a type 9 scrypt hash). “password” stores it in cleartext (type 0), or only reversibly obfuscated (type 7) when “service password-encryption” is on, so anyone who can read the configuration has the credential. Always use “secret”.
• You can now connect with the new account, e.g. “ssh user2@<device-ip>” from a workstation. By default the user lands in user EXEC; set an “enable secret” on the device, or give the account “privilege 15”, to reach privileged mode over the VTY. Verify the server side with “show ip ssh” (SSH enabled and which version is offered) and “show crypto key mypubkey rsa” (key name and modulus size).
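The whole procedure assembled into one configuration, as an added example rather than the post's own listing. It assumes the hostname Switch1 and keeps the post's lab values (lab.local, user2 / cisco). The lines marked "not on the page" (2048-bit modulus, ip ssh version 2, exec-timeout, enable secret) are the hardening a practitioner would add, shown beside the weaker form the post walks through.

```cisco
! Added example, not from the original post. Assumes hostname Switch1;
! lab.local and user2/cisco are the post's lab values and must be replaced.
!
! 1. FQDN: the RSA key pair is named Switch1.lab.local
hostname Switch1
ip domain-name lab.local
!
! 2. Key pair. The post answered 1024 at the prompt; 2048 is the practical
!    minimum today and "modulus" avoids the interactive prompt.
crypto key generate rsa modulus 2048
! not on the page: refuse SSH version 1
ip ssh version 2
!
! 3a. Weak form from the post: line password, username not checked,
!     Telnet still accepted. Shown commented out for comparison.
! line vty 0 4
!  password cisco
!  login
!  transport input ssh telnet
!
! 3b. Corrected form: local accounts, SSH only
! not on the page: needed to reach privileged mode over the VTY
enable secret cisco
! "secret" stores a hash; "password" would store the value in cleartext
username user2 secret cisco
line vty 0 4
 login local
 transport input ssh
 ! not on the page: drop idle sessions after 10 minutes
 exec-timeout 10 0
!
! 4. Verification (EXEC mode)
! show ip ssh
! show crypto key mypubkey rsa
! show running-config | section line vty
```

Apply the key generation and "ip ssh version 2" before touching the VTY lines: once "transport input ssh" is set on all lines, a device with no RSA key has no working remote path left, so keep the console session open until "show ip ssh" reports SSH enabled and a test login from a second window succeeds.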