SSH configuration examples

Case topology
Case requirements
1. Interconnect IPs are XY.XY.XY.X/24 and Loopback 0 IPs are X.X.X.X, where X is the local device ID and Y is the remote device ID;
2. The three routers use OSPF as the IGP;
3. Configure SSH on R3 with a 512-bit key on port 2009;
4. Create a user on R3: R1, password: Cisco;
5. The domain name for SSH on R3 is www.cisco.com;
Case configuration approach
1. Configure the IP addresses on R1, R2 and R3:

R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#interface fastEthernet 0/1
R2(config-if)#ip address 23.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R3(config)#interface fastEthernet 0/1
R3(config-if)#ip address 23.1.1.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.0

2. Configure OSPF on the three routers as the IGP to provide connectivity:

R1(config)#router ospf 100                  
R1(config-router)#router-id 91.1.1.1               
R1(config-router)#network 1.1.1.0 0.0.0.255 area 0
R1(config-router)#network 12.1.1.0 0.0.0.255 area 0
R2(config)#router ospf 100                  
R2(config-router)#router-id 92.2.2.2               
R2(config-router)#network 2.2.2.0 0.0.0.255 area 0
R2(config-router)#network 12.1.1.0 0.0.0.255 area 0
R2(config-router)#network 23.1.1.0 0.0.0.255 area 0
R3(config)#router ospf 100                  
R3(config-router)#router-id 93.3.3.3               
R3(config-router)#network 3.3.3.0 0.0.0.255 area 0
R3(config-router)#network 23.1.1.0 0.0.0.255 area 0

3. Configure the domain name on R3:

R3(config)#ip domain-name www.cisco.com

4. Create the local user on R3 and enable local login on the VTY lines:

R3(config)#username R1 password cisco
R3(config)#line vty 0 4
R3(config-line)#login local

5. Generate the SSH keys on R3:

R3(config)#crypto key generate rsa 
The name for the keys will be: R3.www.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

6. Configure SSH on R3:

R3(config)#ip ssh port 2009 rotary 1
R3(config)#line vty 0 4
R3(config-line)#rotary 1
R3(config-line)#transport input ssh

Case test results
1. With the configuration complete, log in to R3 from R1 over SSH:

R1#ssh -l R1 -p 2009 3.3.3.3

Password: 

R3>

2. With the configuration complete, try to Telnet from R1 to R3:

R1#telnet 3.3.3.3
Trying 3.3.3.3 ... 
% Connection refused by remote host

Summary and notes
1. SSH is a secure remote management protocol. Unlike Telnet, it does not send data to the remote end as-is: the data is encrypted with a key on the local end and decrypted with a key on the remote end, which improves the security of data transmission;
2. One prerequisite for configuring SSH is setting a local domain name;
3. Generate the crypto key before configuring SSH;
4. By default the crypto key is 512 bits; you can set the size manually to enhance security;
5. After SSH is configured, it is recommended to disable the other login methods on the VTY lines to enhance security;
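
An added example (not part of the original article): a Python check of summary points 2 and 5 and of the "login local" step, run against a running-config saved as text. The sample config is constructed from the commands shown above; the function name audit_ssh_only and the finding strings are this example's own.

```python
import re

# Constructed sample: the lines of R3's running-config that this page sets.
R3_CONFIG = """\
ip domain-name www.cisco.com
username R1 password cisco
ip ssh port 2009 rotary 1
line vty 0 4
 rotary 1
 login local
 transport input ssh
"""

def audit_ssh_only(config: str) -> list[str]:
    """Return findings for an IOS-style config; an empty list means every check passed."""
    findings = []
    # Summary point 2: a domain name must be set (both spellings of the command are accepted).
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no ip domain-name configured")
    # Group the config into sections: a non-indented line plus its indented children.
    sections, current = [], None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] != " ":
            current = (line.strip(), [])
            sections.append(current)
        elif current:
            current[1].append(line.strip())
    vty = [(head, body) for head, body in sections if head.startswith("line vty")]
    if not vty:
        findings.append("no 'line vty' section found")
    for head, body in vty:
        # Summary point 5: every VTY range must accept SSH and nothing else.
        transports = [l.split()[2:] for l in body if l.startswith("transport input")]
        if not transports:
            # Assumption: without an explicit setting the platform default may permit Telnet.
            findings.append(f"{head}: no explicit 'transport input ssh'")
        elif transports[-1] != ["ssh"]:
            findings.append(f"{head}: transport input allows {' '.join(transports[-1])}")
        if "login local" not in body:
            findings.append(f"{head}: 'login local' missing")
    return findings

if __name__ == "__main__":
    print(audit_ssh_only(R3_CONFIG) or "all checks passed")
```

Each VTY range is checked separately, so a config that locks down "line vty 0 4" but leaves another range such as "line vty 5 15" accepting Telnet is still reported.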


Origin blog.csdn.net/qinshangwy/article/details/104834543