Thursday, 12 April 2007

Using SSH on Cisco Routers

These days you never know who is monitoring traffic on your LAN, your WAN or the plain internet.

You still want to administer your routers and switches without someone capturing your password. Telnet sends the username and password as clear, unencrypted text, so it is not very secure; the answer is to use SSH (Secure Shell). To do this you will need to set up SSH on your router or switch.

To start, log in and get to enable mode (the commands below are entered from global configuration mode).

In our example we are going to give the router the name gatekeeper.cisco.com:

hostname gatekeeper

Now your router or switch is called gatekeeper (personally I would use something a bit more inventive). Next we need to set the domain name; normally this would be your own domain, but in this example it is cisco.com:

ip domain-name cisco.com

Now generate the RSA key pair that SSH uses. The recommended key size is 1024 bits, but you can use anything between 512 and 2048; for this example we'll use 1024:

crypto key generate rsa modulus 1024

Next we will set the SSH timeout to 60 seconds, the time a user has to log in with username and password before the session times out; the maximum setting is 120 seconds, or 2 minutes in plain English:

ip ssh timeout 60

And last of all we'll set the number of password tries allowed before the router disconnects the user, in this example 3:

ip ssh authentication-retries 3

And that's how simple it is. The only thing that remains is to use an SSH client; you can find many of them for all platforms, and personally I quite like PuTTY.

You can also use the show ssh and show ip ssh commands to check the result:

show ssh shows the active sessions

show ip ssh shows the status and version running on the router
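To check that a running-config actually contains the settings walked through above, here is a small audit script. It is an added example, not part of the original post: the two configs are constructed samples, the helper names are mine, and the "transport input ssh" check on the vty lines (which keeps telnet off the router once SSH works) is an extra the post does not cover. The RSA key itself never appears in the running-config, so it is verified on the box with show crypto key mypubkey rsa rather than here.

```python
import re

# Constructed sample configs (not from the post): one following the post's steps and
# restricting the vty lines to SSH, one still allowing telnet with no SSH timeout set.
GOOD_CONFIG = """\
hostname gatekeeper
ip domain-name cisco.com
ip ssh timeout 60
ip ssh authentication-retries 3
line vty 0 4
 transport input ssh
"""

WEAK_CONFIG = """\
hostname router
ip ssh authentication-retries 3
line vty 0 4
 transport input telnet ssh
"""

def _vty_blocks(config):
    """Collect the indented body lines of every 'line vty ...' block."""
    blocks, current = [], None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = [] if line.startswith("line vty") else None
            if current is not None:
                blocks.append(current)
    return blocks

def audit_ssh_config(config):
    """Return {check: bool} for the settings the post configures, plus the vty check."""
    flags = re.MULTILINE
    results = {
        "hostname": re.search(r"^hostname \S+$", config, flags) is not None,
        "domain_name": re.search(r"^ip domain-name \S+$", config, flags) is not None,
    }
    m = re.search(r"^ip ssh timeout (\d+)$", config, flags)
    results["timeout"] = m is not None and 1 <= int(m.group(1)) <= 120  # 120 s is the IOS maximum
    m = re.search(r"^ip ssh authentication-retries (\d+)$", config, flags)
    results["auth_retries"] = m is not None and 1 <= int(m.group(1)) <= 5  # IOS allows at most 5
    blocks = _vty_blocks(config)
    # Only an exact 'transport input ssh' (not 'all' or 'telnet ssh') keeps clear-text logins off the vtys.
    results["vty_ssh_only"] = bool(blocks) and all("transport input ssh" in b for b in blocks)
    return results

def failed_checks(config):
    """Names of the checks that did not pass, in a stable order."""
    return sorted(k for k, ok in audit_ssh_config(config).items() if not ok)

if __name__ == "__main__":
    print("good:", failed_checks(GOOD_CONFIG))  # []
    print("weak:", failed_checks(WEAK_CONFIG))  # ['domain_name', 'timeout', 'vty_ssh_only']
```

Feed it the output of show running-config from a real box instead of the constructed samples to see which of the post's steps are still missing.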
