Love My Love

Cisco sshd config

2020.02.29
  1. test if device can up sshd service

if

# show ip ssh

SSH Disabled - version 1.99
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication methods:publickey,keyboard-interactive,password
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE

means’ ssh supported just need config

  1. config domain name
#conf t
(config)#ip domain-name domain222test
  1. generate rsa
(config)#crypto key generate rsa

The name for the keys will be: CE22.domain222test
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 8 seconds)
  1. user account add username: demo and password: demo
(config)#username demo secret demo
  1. Up ssh protocal on vty line
(config)#line vty 0
(config-line)#transport input ssh  // Up ssh login
(config-line)#login local  // auth by local
  1. config sshd
(config)#ip ssh time-out 120
(config)#ip ssh authentication-retries 1
(config)#ip ssh version 2
发表评论