Wednesday, June 9, 2010

Set Up an IOS Router or Switch as SSH Client



There are four steps required to enable SSH support on an IOS router:
1. Configure the hostname command.
2. Configure the DNS domain.
3. Generate the SSH key to be used.
4. Enable SSH transport support for the virtual type terminal (vtys).
If you want to have one device act as an SSH client to the other, you can add SSH to a second device called Reed. These devices are then in a client-server arrangement, where Carter acts as the server and Reed acts as the client. The IOS SSH client configuration on Reed is the same as required for the SSH server configuration on Carter.
!--- Step 1: Configure the hostname if you have not previously done so.
hostname carter
!--- The aaa new-model command causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the DNS domain of the router.
ip domain-name rtp.cisco.com
!--- Step 3: Generate an RSA key pair to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet is disabled and only SSH is supported.
line vty 0 4
transport input ssh
!--- Instead of aaa new-model, you can use the login local command.
To test this, issue one of these commands to SSH from the IOS SSH client (Reed) to the IOS SSH server (Carter):
SSH v1:
ssh -l cisco -c 3des 10.13.1.99
SSH v2:
ssh -v 2 -c aes256-cbc -m hmac-sha1-160 -l cisco 10.31.1.99
Add SSH Terminal-Line Access

If you need outbound SSH terminal-line authentication, you can configure and test SSH for outbound reverse Telnets through Carter, which acts as a comm server to Philly.
ip ssh port 2001 rotary 1
line 1 16
no exec
rotary 1
transport input ssh
exec-timeout 0 0
modem InOut
stopbits 1
If Philly is attached to Carter's port 2, then you can configure SSH to Philly through Carter from Reed with this command:
SSH v1:
ssh -c 3des -p 2002 10.13.1.99
SSH v2:
ssh -v 2 -c aes256-cbc -m hmac-sha1-160 -p 2002 10.31.1.99
You can use this command from Solaris:
ssh -c 3des -p 2002 -x -v 10.13.1.99

Configure the SSH Version
Configure SSH v1:
carter(config)#ip ssh version 1
Configure SSH v2:
carter(config)#ip ssh version 2
Configure SSH v1 and v2:
carter(config)#no ip ssh version
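As an added example (not part of the original post or of Cisco's own tooling), here is a small Python audit that reads a saved IOS running-config and checks the four-step setup above together with the ip ssh version setting: hostname present, ip domain-name present, every vty range restricted to transport input ssh, and whether the version setting still lets SSH v1 in. The SAMPLE_CONFIG text is constructed for the example; the function names are mine.

```python
import re

# Constructed sample running-config (not from a real device), modelled on the
# post's four steps; the second vty range still accepts Telnet, no version set.
SAMPLE_CONFIG = """\
hostname carter
aaa new-model
username cisco password 0 cisco
ip domain-name rtp.cisco.com
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_transports(config):
    """Map each 'line vty' range to its 'transport input' (IOS default: telnet)."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty "):
            current = line[len("line vty "):].strip()
            result[current] = "telnet"
        elif line.startswith(" ") and current is not None:
            m = re.match(r"\s*transport input\s+(.+)", line)
            if m:
                result[current] = m.group(1).strip().lower()
        else:
            current = None  # any other top-level command ends the stanza
    return result

def audit_ssh_config(config):
    """Findings for the post's steps 1, 2 and 4 plus the SSH version setting.
    The RSA key (step 3) is not in the running-config; check it on the device
    with 'show crypto key mypubkey rsa'. Empty list means clean."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    if not any(l.startswith("hostname ") for l in lines):
        findings.append("step 1: hostname not set")
    if not any(l.startswith("ip domain-name ") for l in lines):
        findings.append("step 2: ip domain-name missing (needed before generating the RSA key)")
    for vty, transport in vty_transports(config).items():
        if transport != "ssh":
            findings.append(f"step 4: line vty {vty} transport input is '{transport}', expected 'ssh'")
    version = next((l.split()[-1] for l in lines if l.startswith("ip ssh version ")), None)
    if version is None:
        findings.append("ip ssh version not set: both SSH v1 and v2 are accepted")
    elif version == "1":
        findings.append("ip ssh version 1: only SSH v1 is accepted")
    return findings
```

Feed it the output of show running-config saved to a file; a clean result is an empty list.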



