Preface:
Recently, I have been sorting out some earlier study notes (some are missing, some will be out of order, and I will fill them in later).
In the past they were stored locally; this time they have been moved online for safekeeping.
Cisco SSH Remote Login Configuration
0. Configure the IP address and enable the port
Switch>enable // enter privileged mode
Switch#configure terminal // enter global configuration mode
Switch(config)#interface vlan 1 // enter interface VLAN 1
Switch(config-if)#ip address <ip-address> <subnet-mask> // set the IP address
Switch(config-if)#no shutdown // enable the port
1. Configure hostname and domain name
· The RSA key is generated from the hostname and the domain name
Switch> enable
Switch# configure terminal
Switch(config)# hostname switch-ssh // change the device name; it cannot be Router when SSH is configured
Switch-ssh(config)# ip domain-name test.com // set the domain name; required when SSH is configured
Switch-ssh(config)# aaa new-model // enable AAA authentication (partially enabled)
2. Generate RSA secret key
· Once the RSA key is generated, the SSH service turns on automatically; otherwise it turns off automatically
Switch-ssh(config)# crypto key generate rsa // generate the RSA key
How many bits in the modulus [512]: 768 // set the key length; SSH version 2 requires at least 768
%SSH-5-ENABLED: SSH 1.5 has been enabled // SSH turns on automatically
Switch-ssh(config)# crypto key zeroize rsa // delete the RSA key
3. Create a new user and password
Switch-ssh(config)# username <username> privilege 0 secret <password> // privilege 0: an SSH login will not enter privileged mode automatically
4. Configure enable privilege password
Switch-ssh(config)# enable secret <password>
5. Configure vty (virtual terminal)
Switch-ssh(config)# line vty 0 4 // 4, maximum number of parallel connections
Switch-ssh(config-line)# transport input ssh // only SSH is allowed
Switch-ssh(config-line)# exec-timeout 10 0 // idle timeout
Switch-ssh(config-line)# logging synchronous // keep the cursor in place while log messages are printed
Switch-ssh(config-line)# login local // authenticate against the local user database
6. Other settings of SSH
Switch-ssh(config)# ip ssh authentication-retries 2 // number of SSH authentication failures allowed
Switch-ssh(config)# ip ssh time-out 120 // SSH timeout in seconds
Switch-ssh(config)# ip ssh version 2 // specify the SSH protocol version
Switch-ssh(config)# ip ssh source-interface f0/0 // specify the SSH source interface (a VLAN interface can also be used)
7. Save configuration
# write
8. Test login
- When using the ssh command on a Cisco device, the user must be specified (if username is not configured locally)
# ssh -l <username> <switch-ip-address>
Password: <user password>
sw_ssh>enable
Password: <privilege password>
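
As an added example (not part of the original notes), a small Python check that reads configuration text and reports which of the settings from steps 1 to 6 are missing or weakened. The two sample configs, the user name and the hash strings are constructed placeholders, and the function names are illustrative.

```python
# Constructed sample configs (names, hashes and values are placeholders).
GOOD = """hostname switch-ssh
ip domain-name test.com
username admin privilege 0 secret 5 $1$constructed
enable secret 5 $1$constructed
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""
BAD = """hostname switch-ssh
username admin privilege 15 password 0 cisco
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
"""

def vty_blocks(cfg):
    """Return {header: [sub-commands]} for every 'line vty' stanza."""
    blocks, current = {}, None
    for line in cfg.splitlines():
        if line.startswith("line "):
            current = line.strip() if line.startswith("line vty") else None
            if current:
                blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        elif not line.startswith(" "):
            current = None  # a new top-level command ends the stanza
    return blocks

def audit(cfg):
    """Return findings for the SSH settings above; empty list = all present."""
    top = [l for l in cfg.splitlines() if l and not l.startswith(" ")]
    out = []
    for need in ("ip domain-name ", "enable secret ", "ip ssh version 2"):
        if not any(l.startswith(need) for l in top):
            out.append("missing: " + need.strip())
    for l in top:
        if l.startswith("username ") and " password " in l:
            out.append("user '%s' uses password instead of secret" % l.split()[1])
    for head, body in vty_blocks(cfg).items():
        if "transport input ssh" not in body:
            out.append(head + ": transport input not limited to ssh")
        if "login local" not in body:
            out.append(head + ": login local missing")
        if "exec-timeout 0 0" in body:
            out.append(head + ": idle timeout disabled")
    return out
```

The check flags only `exec-timeout 0 0` because a timeout left at its default value is not printed in the running configuration.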