Thursday, July 3, 2008

SSH for VTY access

This is a very simple lab for SSH access:

R1 and R2 are connected to the same LAN.
R1 will be the client, R2 the server.

Let's enable SSH on R2:

R2(config)#ip domain-name theseblues.com

R2(config)#crypto key generate rsa
The name for the keys will be: R2.theseblues.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

R2(config)#
*Mar 1 00:18:50.259: %SSH-5-ENABLED: SSH 1.99 has been enabled
R2(config)#
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh
R2(config-line)#exit
R2(config)#username dh password blues

Let's SSH from R1:

R1#ssh ?
-c Select encryption algorithm
-l Log in using this user name
-m Select HMAC algorithm
-o Specify options
-p Connect to this port
-v Specify SSH Protocol Version
WORD IP address or hostname of a remote system

R1#ssh -l dh 192.168.0.2

Password:

R2>en
% No password set
R2>

Forgot the enable password! You know what to do...
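
An added example (not code from the original post): a small Python check that runs over the R2 session above and flags the settings a production router should not keep, namely the 512-bit modulus, SSH 1.99 (SSHv1 clients still accepted), `username ... password`, and the missing enable secret. The finding names, the 2048-bit threshold and the `HARDENED` sample are assumptions of this example.

```python
import re
PROMPT = re.compile(r"^\S+?(\([\w-]+\))?[#>]\s*")  # strips "R2(config-line)#" etc.
MIN_MODULUS = 2048  # assumption: this example's policy, not a value from the post

def audit_ssh(text):
    """Return sorted finding codes for an IOS config or pasted config session."""
    lines = [PROMPT.sub("", raw.strip()) for raw in text.splitlines()]
    findings = set()
    for line in lines:
        m = (re.search(r"Generating (\d+) bit RSA keys", line)
             or re.match(r"crypto key generate rsa\b.*\bmodulus (\d+)", line))
        if m and int(m.group(1)) < MIN_MODULUS:
            findings.add("weak-rsa-modulus")
        # 'password' is stored in clear or reversible type 7; 'secret' is hashed
        if re.match(r"username \S+ (privilege \d+ )?password ", line):
            findings.add("user-password-not-secret")
    # Without 'ip ssh version 2' IOS reports SSH 1.99 and still accepts SSHv1 clients
    if "ip ssh version 2" not in lines:
        findings.add("sshv1-accepted")
    # The lab's "% No password set": nothing protects enable; require the hashed form
    if not any(l.startswith("enable secret ") for l in lines):
        findings.add("no-enable-secret")
    # Every 'line vty' stanza must restrict inbound transport to SSH only
    body = "\n".join(lines)
    for block in re.split(r"^line vty.*$", body, flags=re.M)[1:]:
        stanza = re.split(r"^(?:exit|end|!|line .*)$", block, flags=re.M)[0]
        if "\ntransport input ssh\n" not in stanza + "\n":
            findings.add("vty-not-ssh-only")
    return sorted(findings)

# R2 session as typed in the post (console output trimmed to the key-size line)
LAB = """R2(config)#crypto key generate rsa
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh
R2(config-line)#exit
R2(config)#username dh password blues
"""
# Constructed for this example; the secret values are placeholders
HARDENED = """crypto key generate rsa modulus 2048
ip ssh version 2
enable secret EXAMPLE-ENABLE-SECRET
username dh secret EXAMPLE-USER-SECRET
line vty 0 4
 login local
 transport input ssh
"""
print(audit_ssh(LAB), audit_ssh(HARDENED))
```

The lab's `transport input ssh` already passes the VTY check; the other four findings clear once the commands in `HARDENED` are applied.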

2 comments:

  1. Hello

    ip domain-name is not mandatory if you add a label to the crypto key generate rsa command

    Cheers!
