Cisco SSH Configuration Examples and Detailed Explanation
2011-07-07 16:18
When maintaining devices remotely over telnet, both the password and the session traffic are sent in cleartext and are easily captured by a sniffer, so SSH should be used in place of telnet. The SSH (Secure Shell) service uses TCP port 22. After the client software initiates a connection request, it receives the public key from the server and negotiates the encryption method; once that succeeds, all communication is encrypted. Cisco devices currently support SSH v1 and v2. Nearly all Cisco routing and switching products now support SSH, but the IOS version must support the security features. Cisco's SSH implementation is intended to provide a more secure device-management connection and is not suited to encrypting host-to-host communication. Cisco devices support the SSH protocol only on IOS versions 12.1(11) and later.

1. SSH configuration with AAA enabled:
! Set the domain name
ip domain-name runway.cn.net
! Enable the AAA service
aaa new-model
! Generate the key pair; entering 1024 at the modulus prompt specifies a 1024-bit key
crypto key generate rsa
The name for the keys will be: Router1.runway.cn.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]
! Specify the SSH login username and password
username sshuser secret sshpassword
! Set the SSH timeout value
ip ssh time-out 30
! Enable SSH V1 and V2
no ip ssh version
! Set where the SSH login credentials are stored
aaa authentication login ssh local line none
! Define the source addresses allowed to log in over SSH
ip access-list standard forssh
 permit any
line vty 0 4
 ! Set the line login timeout value
 exec-timeout 30
 ! Specify where the login user credentials are verified
 login authentication ssh
 ! Set the line login mode to SSH
 transport input ssh
 ! Apply the access list
 access-class forssh in

2. SSH configuration without AAA enabled:
hostname Router1
ip domain-name runway.cn.net
crypto key generate rsa
The name for the keys will be: Router1.runway.cn.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]
username sshuser secret sshpassword
ip ssh time-out 30
no ip ssh version
ip access-list standard forssh
 permit any
line vty 0 4
 exec-timeout 30
 login local
 transport input ssh
 access-class forssh in
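
As an added example (not part of the original post), the following Python check audits the security-relevant lines of the section 1 configuration for four settings a reviewer would look at: whether SSH v1 is still accepted, whether the AAA login method list falls back to none, whether the vty lines accept only SSH, and whether the vty access-class points at an ACL that permits any source. The function names, finding labels and the 192.0.2.0/24 management subnet in the tightened variant are assumptions made for illustration.

```python
# Security-relevant lines of section 1 from the page ("aaa new-model" spelling corrected).
PAGE_CONFIG = """\
aaa new-model
no ip ssh version
aaa authentication login ssh local line none
ip access-list standard forssh
 permit any
line vty 0 4
 login authentication ssh
 transport input ssh
 access-class forssh in
"""
# Constructed tighter variant; the 192.0.2.0/24 management subnet is an assumption.
TIGHTENED_CONFIG = (PAGE_CONFIG.replace("no ip ssh version", "ip ssh version 2")
                    .replace("local line none", "local")
                    .replace("permit any", "permit 192.0.2.0 0.0.0.255"))

def parse_sections(text):
    """Map each top-level command to the indented sub-commands beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment lines
        if raw[0].isspace() and current:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
    return sections

def audit(text):
    """Return finding labels (hypothetical names) for the settings discussed above."""
    sec, findings = parse_sections(text), []
    if "ip ssh version 2" not in sec:  # without it, SSH v1 clients are still accepted
        findings.append("ssh-v1-allowed")
    for cmd in sec:  # "none" grants access when every earlier method returns an error
        if cmd.startswith("aaa authentication login ") and "none" in cmd.split()[4:]:
            findings.append("aaa-fallback-none")
    for children in (c for k, c in sec.items() if k.startswith("line vty")):
        transport = [c.split()[2:] for c in children if c.startswith("transport input")]
        if not transport or set(transport[0]) != {"ssh"}:
            findings.append("vty-non-ssh-transport")
        for name in (c.split()[1] for c in children if c.startswith("access-class")):
            entries = sec.get(f"ip access-list standard {name}", [])
            if any(e.split()[:2] == ["permit", "any"] for e in entries):
                findings.append("vty-acl-permit-any")
    return findings
```

Running audit(PAGE_CONFIG) reports the SSH v1, none-fallback and permit-any findings, while audit(TIGHTENED_CONFIG) reports none.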