Configuration Topology Case
Case configuration requirements
1, the interconnect IP addresses are XY.XY.XY.X/24 and the Loopback 0 IP is X.X.X.X, where X is the local device ID and Y is the remote device ID;
2, the three routers use OSPF as the IGP for connectivity;
3, configure SSH on R3 with a 512-bit key on port 2009;
4, create a user on R3: R1, password: Cisco;
5, the domain name for SSH on R3 is www.cisco.com;
Case configuration approach
1, configure the IP addresses on R1, R2 and R3:
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip address 23.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R3(config)#interface fastEthernet 0/1
R3(config-if)#ip address 23.1.1.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
2, configure OSPF on the three routers to provide IGP connectivity:
R1(config)#router ospf 100
R1(config-router)#router-id 91.1.1.1
R1(config-router)#network 1.1.1.0 0.0.0.255 area 0
R1(config-router)#network 12.1.1.0 0.0.0.255 area 0
R2(config)#router ospf 100
R2(config-router)#router-id 92.2.2.2
R2(config-router)#network 2.2.2.0 0.0.0.255 area 0
R2(config-router)#network 12.1.1.0 0.0.0.255 area 0
R2(config-router)#network 23.1.1.0 0.0.0.255 area 0
R3(config)#router ospf 100
R3(config-router)#router-id 93.3.3.3
R3(config-router)#network 3.3.3.0 0.0.0.255 area 0
R3(config-router)#network 23.1.1.0 0.0.0.255 area 0
3, configure the domain name on R3:
R3(config)#ip domain-name www.cisco.com
4, configure the local user and the VTY lines on R3:
R3(config)#username R1 password cisco
R3(config)#line vty 0 4
R3(config-line)#login local
5, generate the SSH keys on R3:
R3(config)#crypto key generate rsa
The name for the keys will be: R3.www.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
6, configure SSH on R3:
R3(config)#ip ssh port 2009 rotary 1
R3(config)#line vty 0 4
R3(config-line)#rotary 1
R3(config-line)#transport input ssh
Case test results
1, after the configuration is complete, log in from R1 to R3 over SSH:
R1#ssh -l R1 -p 2009 3.3.3.3
Password:
R3>
2, after the configuration is complete, try Telnet from R1 to R3:
R1#telnet 3.3.3.3
Trying 3.3.3.3 ...
% Connection refused by remote host
Summary and notes
1, SSH is a secure remote management protocol. Unlike Telnet, it does not send the data to the remote end as it is: the data is encrypted with a key at the local end and decrypted with a key at the remote end, which enhances the security of data transmission;
2, one of the prerequisites for configuring SSH is setting a local domain name;
3, generate the crypto key before configuring SSH;
4, by default, the crypto key is 512 bits; you can set the size manually to enhance security;
5, after configuring SSH, it is recommended to close the other login methods on the VTY lines to enhance security;
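The summary points above can be checked against a saved configuration. The following is an added example, not part of the original lab: the function names `parse_vty` and `audit_ssh` are hypothetical, the sample text is constructed from the R3 commands on this page, and it assumes sub-commands are indented by one space as in a saved IOS config.

```python
import re

# Constructed sample: the R3 settings from this page as they would appear in a saved config.
R3_CONFIG = """\
hostname R3
ip domain-name www.cisco.com
username R1 password cisco
ip ssh port 2009 rotary 1
line vty 0 4
 login local
 rotary 1
 transport input ssh
"""

def parse_vty(config):
    """Return {vty header: [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None  # any non-indented line ends the block
    return blocks

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^ip domain-name \S+", config, re.M):
        findings.append("ip domain-name missing (prerequisite for SSH)")
    m = re.search(r"^ip ssh port (\d+) rotary (\d+)", config, re.M)
    rotary = m.group(2) if m else None
    vty = parse_vty(config)
    if not vty:
        findings.append("no line vty block found")
    for header, cmds in vty.items():
        transport = [c for c in cmds if c.startswith("transport input")]
        if transport != ["transport input ssh"]:
            findings.append(f"{header}: transport input is not exactly 'ssh'")
        if "login local" not in cmds:
            findings.append(f"{header}: login local missing")
        if rotary and f"rotary {rotary}" not in cmds:
            findings.append(f"{header}: not in rotary group {rotary} used by ip ssh port")
    return findings
```

The RSA key size is not visible in the configuration text, so it has to be verified on the device itself.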