2018-11-01 Cisco router: enable SSH version 2

This note records how to enable SSH v2 on a Cisco router. The software must support it, of course.
Set the domain name and generate the RSA keys:

R2(config)#ip domain-name axing.com

R2(config)#ip ssh rsa keypair-name axingkey

Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).

R2(config)#crypto key generate rsa usage-keys label axingkey modulus 1024

The name for the keys will be: axingkey

% The key modulus size is 1024 bits

% Generating 1024 bit RSA keys, keys will be non-exportable...

[OK] (elapsed time was 0 seconds)

% Generating 1024 bit RSA keys, keys will be non-exportable...

[OK] (elapsed time was 1 seconds)

R2(config)#

*Nov  1 12:00:14.249: %SSH-5-ENABLED: SSH 1.99 has been enabled

As the log message shows, SSH is now enabled. Note that SSH v2 requires a modulus size larger than 768 bits.

R2(config)#ip ssh version 2

R2(config)#ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr

R2(config)#ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr

R2#sh ip ssh

SSH Enabled - version 2.0

Authentication methods:publickey,keyboard-interactive,password

Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr

MAC Algorithms:hmac-sha1,hmac-sha1-96

Authentication timeout: 120 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 1024 bits

IOS Keys in SECSH format(ssh-rsa, base64 encoded):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtIiCe4Fxu8k+491+363nJithzRurAqUEauUcMfPRG

    7ZYGNowPoLIMihCWD+X0OsFRuurG7v6wxPFPmi4LefXRUZTIFsvpSfArfHqHfKDieY1PAMnmn8UpZ7Lj

cubFHhloETS7d8TrEhmdC7uhLiVJgHimLZN6Fcx6fS+9MINHbw==         

Some general configuration is also needed, such as a local user and interface addresses. Then enable SSH for vty logins:

R2(config)#line vty 0 4

R2(config-line)#login local

R2(config-line)#transport input ssh

Save the configuration and you are done:

R2#wr
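
To confirm the result on more than one device, the `sh ip ssh` output can be checked by script. The Python below is an added example, not part of the original post; the function name `audit_show_ip_ssh`, the cipher allow-list and the `min_dh_bits` threshold are assumptions, and the sample outputs are constructed from the output shown above.

```python
import re

# Assumed policy (not from the original post): only the CTR ciphers the post
# configures are acceptable; the DH minimum is a site-chosen threshold.
ALLOWED_CIPHERS = {"aes128-ctr", "aes192-ctr", "aes256-ctr"}

def audit_show_ip_ssh(output, min_dh_bits=2048):
    """Return a list of findings for one `show ip ssh` output."""
    findings = []

    m = re.search(r"SSH Enabled - version (\S+)", output)
    if not m:
        findings.append("SSH server is not enabled")
    elif m.group(1) != "2.0":
        # 1.99 means the server still accepts SSHv1 clients.
        findings.append(f"version {m.group(1)} advertised, expected 2.0")

    m = re.search(r"Encryption Algorithms:\s*(\S+)", output)
    if m:
        extra = sorted(set(m.group(1).split(",")) - ALLOWED_CIPHERS)
        if extra:
            findings.append("ciphers outside policy: " + ",".join(extra))
    else:
        findings.append("no encryption algorithm list found")

    m = re.search(r"Diffie Hellman key size\s*:\s*(\d+) bits", output)
    if m and int(m.group(1)) < min_dh_bits:
        findings.append(f"DH minimum {m.group(1)} bits is below {min_dh_bits}")
    return findings

# Constructed samples modelled on the output shown in the post.
AFTER = """SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha1,hmac-sha1-96
Minimum expected Diffie Hellman key size : 1024 bits
"""
# Same output as it might look before `ip ssh version 2` and the cipher limits.
BEFORE = AFTER.replace("version 2.0", "version 1.99").replace(
    "aes256-ctr", "aes256-ctr,aes128-cbc,3des-cbc")

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_show_ip_ssh(text))
```

With the default threshold the post's own output still reports the 1024-bit Diffie-Hellman minimum; pass `min_dh_bits=1024` to check only the version and cipher settings.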
