Thursday, July 3, 2008

SSH for VTY access

This is a very simple lab for SSH access:

R1 and R2 are connected to the same LAN.
R1 will be the client, R2 the server.

Let's enable SSH on R2:

R2(config)#ip domain-name

R2(config)#crypto key generate rsa
The name for the keys will be:
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

*Mar 1 00:18:50.259: %SSH-5-ENABLED: SSH 1.99 has been enabled
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh
R2(config)#username dh password blues

Let's SSH from R1:

R1#ssh ?
-c Select encryption algorithm
-l Log in using this user name
-m Select HMAC algorithm
-o Specify options
-p Connect to this port
-v Specify SSH Protocol Version
WORD IP address or hostname of a remote system

R1#ssh -l dh


% No password set

Forgot the enable password! You know what to do...
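
A hardened variant of the R2 configuration above, as an added example that is not part of the original post. The domain name, the `<...>` password placeholders and the timeout and retry values are assumptions; the lab as shown accepts the 512-bit default key, leaves both SSH versions enabled (that is what "SSH 1.99" means) and stores the user password with `password` rather than `secret`.

```cisco
! Added example: hardened form of the lab's R2 setup, not from the original post.
! Assumed values: lab.example, the <...> placeholders, timeout and retry numbers.
!
ip domain-name lab.example
!
! 2048 is the top of the modulus range the lab's prompt offers (360 to 2048);
! the post accepted the 512-bit default.
crypto key generate rsa general-keys modulus 2048
!
! "SSH 1.99" in the %SSH-5-ENABLED message means the server accepts both
! version 1 and version 2 clients. Restrict it to version 2.
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! "secret" stores a hash of the password. "password", as used in the lab,
! stores it in clear text (or reversible type 7 with service password-encryption).
username dh secret <user-password>
!
! Without an enable password or secret, "enable" over the VTY
! returns "% No password set".
enable secret <enable-password>
!
line vty 0 4
 login local
 transport input ssh
 exec-timeout 10 0
```

On R2, `show ip ssh` should then report version 2.0, and from R1 the `-v 2` option listed in the `ssh ?` output requests version 2 explicitly.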


  1. Hello

    ip domain-name is not mandatory if you add a label to the crypto key generate rsa command


