So, let's set up secure SSH access to a Cisco router. This guide applies to the 800 series (Cisco 801, Cisco 827, Cisco 837, Cisco 877, Cisco 877W) running a Cisco IOS image that supports SSH.
Check whether SSH is enabled
    router#sh ip ssh
    SSH Disabled - version 2.0
    %Please create RSA keys to enable SSH.
    Authentication timeout: 60 secs; Authentication retries: 5
In this case it is not. If you get an error saying that sh ip ssh is not recognized, then SSH is not supported, or possibly the command is different on your platform.
Enable SSH on the Cisco
    router# config term
    router(config)#crypto key generate rsa usage-keys label router-key
    The name for the keys will be: router-key
    Choose the size of the key modulus in the range of 360 to 2048 for your Signature Keys. Choosing a key modulus greater than 512 may take a few minutes.
    How many bits in the modulus [512]: 1024
    Choose the size of the key modulus in the range of 360 to 2048 for your Encryption Keys. Choosing a key modulus greater than 512 may take a few minutes.
    How many bits in the modulus [512]: 1024
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
    router (config)#
    000047: *Mar 1 20:40:50.843 UTC: %SSH-5-ENABLED: SSH 1.99 has been enabled
    router (config)#
Check that SSH is now enabled.
    router#sh ip ssh
    SSH Enabled - version 1.99
    Authentication timeout: 120 secs; Authentication retries: 3
    router#
Allow connections to the router over SSH
    router#conf t
    !
    line vty 0 4
     access-class 1 in
     exec-timeout 30 0
     privilege level 15
     login local
     transport preferred ssh
     transport input ssh
    !
P.S. Finish with wr to save the configuration.
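A check of the finished setup, as an added example that is not part of the original guide: it reads the `sh ip ssh` output shown above and a running-config excerpt, and reports the gaps the steps leave open (version 1.99 still accepts SSHv1 clients, `access-class 1` needs an ACL 1 that the guide never defines, `login local` needs a local user). The function name, the finding labels and the username line in the sample config are assumptions made for this example.

```python
import re

# "sh ip ssh" output as shown in the guide, and a constructed running-config
# excerpt modelled on its vty block (the username line is made up).
SHOW_IP_SSH = "SSH Enabled - version 1.99\nAuthentication timeout: 120 secs; Authentication retries: 3\n"
RUNNING_CONFIG = """\
username admin privilege 15 secret 5 CONSTRUCTED-HASH
!
line vty 0 4
 access-class 1 in
 exec-timeout 30 0
 privilege level 15
 login local
 transport preferred ssh
 transport input ssh
!
"""

def audit_ssh(show_ip_ssh, running_config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    m = re.search(r"SSH (Enabled|Disabled) - version (\d+\.\d+)", show_ip_ssh)
    if m is None or m.group(1) == "Disabled":
        findings.append("ssh-disabled")
    elif m.group(2) == "1.99":
        findings.append("sshv1-accepted")  # 1.99 = SSHv1 and SSHv2 both accepted
    lines = running_config.splitlines()
    acls = set(re.findall(r"^(?:ip access-list \w+|access-list) (\S+)", running_config, re.M))
    has_user = any(l.startswith("username ") for l in lines)
    blocks, current = {}, None
    for l in lines:  # collect the indented sub-commands of each "line vty" block
        if l.startswith("line vty"):
            current = blocks.setdefault(l, [])
        elif current is not None and l.startswith(" "):
            current.append(l.strip())
        else:
            current = None
    for header, cmds in blocks.items():
        if [c for c in cmds if c.startswith("transport input")] != ["transport input ssh"]:
            findings.append(header + ": transport-not-ssh-only")
        classes = [c.split()[1] for c in cmds if re.fullmatch(r"access-class \S+ in", c)]
        if not classes:
            findings.append(header + ": no-access-class")
        findings += [f"{header}: acl-{a}-undefined" for a in classes if a not in acls]
        if "login local" in cmds and not has_user:
            findings.append(header + ": login-local-without-username")
    return findings

if __name__ == "__main__":
    print(audit_ssh(SHOW_IP_SSH, RUNNING_CONFIG))
```

`ip ssh version 2` is the IOS command that limits the server to SSHv2, and ACL 1 has to be defined with `access-list 1 permit ...` for the guide's `access-class 1 in` to refer to anything.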