Configure ssh access to IOS router

Posted on November 13, 2010


Routers are generally managed over telnet. From a security point of view, telnet is not the best access method: it is clear text, and almost all end hosts have a telnet client.
In that case, secure access with ssh or ssl should be used.
A Cisco IOS router can also be accessed over ssh; the following configuration is required for that.

IOSFirewall#configure terminal
IOSFirewall(config)# enable password YourPassword
IOSFirewall(config)# hostname IOSFirewall
IOSFirewall(config)# ip domain-name YourDomainName
IOSFirewall(config)# crypto key generate rsa
The name for the keys will be: IOSFirewall.YourDomainName
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. 

How many bits in the modulus [512]: 768
% Generating 768 bit RSA keys ...[OK]
IOSFirewall(config)#
IOSFirewall(config)# ip ssh time-out 60
IOSFirewall(config)# ip ssh version 2 --> From 12.3(4)T only!
IOSFirewall(config)# line vty 0 4
IOSFirewall(config-line)# no exec
IOSFirewall(config-line)# login local
IOSFirewall(config-line)# rotary 1 --> see 'ip ssh port' comment! Use only from 12.3(4)T!
IOSFirewall(config-line)# transport input ssh
IOSFirewall(config-line)# exit
IOSFirewall(config)# ip ssh port 2000 rotary 1 --> From 12.3(4)T only!
IOSFirewall(config)# username YourUserName password YourPassword

It is not complicated, and it is worth setting up.
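
To check the result on a saved running-config, the following Python script (an added example, not part of the original post) looks for the settings configured above: a domain name, SSH version 2, a local user, and vty lines limited to ssh with login local. The two config fragments and the function names are constructed for illustration.

```python
import re
# Constructed sample running-config fragments (not from a real device).
HARDENED = """hostname IOSFirewall
ip domain-name YourDomainName
username YourUserName password 0 YourPassword
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""
LEGACY = """hostname Router
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 login local
"""

def vty_blocks(config):
    """Yield (header, sub-commands) for each 'line vty' section."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith("line vty") or not line.startswith(" "):
            if header:
                yield header, body  # section ends at the next top-level line
            header = line.strip() if line.startswith("line vty") else None
            body = []
        elif header:
            body.append(line.strip())
    if header:
        yield header, body

def audit(config):
    """Return findings for settings the post configures; [] means all present."""
    findings = []
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no ip domain-name (used to name the RSA key pair)")
    if not re.search(r"^ip ssh version 2\b", config, re.M):
        findings.append("SSH version 2 not enforced")
    if not re.search(r"^username \S+ ", config, re.M):
        findings.append("no local username for 'login local'")
    for header, body in vty_blocks(config):
        transport = next((b for b in body if b.startswith("transport input")), None)
        if transport != "transport input ssh":
            findings.append(f"{header}: not limited to SSH ({transport or 'no transport input line'})")
        if "login local" not in body:
            findings.append(f"{header}: does not use 'login local'")
    return findings
```

Pass the text captured from `show running-config` to `audit()`; an empty list means every checked setting is present.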
