1. Test topology
2. Server configuration
①Configure hostname and domain name
The RSA key pair is named after the hostname and domain name, so both must be configured before the key is generated
Router(config)#host Server
Server(config)#ip domain name test.com
②Generate RSA key
Generating the RSA key automatically enables the SSH service; without a key, the SSH service is automatically disabled.
To delete an RSA key pair, use the crypto key zeroize rsa global configuration mode command. After the RSA key pair is deleted, the SSH server is automatically disabled.
Server(config)#crypto key generate rsa
The name for the keys will be: Server.test.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048 //Set the key length
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 7 seconds)
Server(config)#
*May 2 09:50:12.583: %SSH-5-ENABLED: SSH 1.99 has been enabled //SSH is enabled automatically
③Configure username and password
Server(config)#username admin privilege 0 secret cisco //If the privilege level is not 0, the user enters privileged mode automatically on SSH login (that is, neither the enable command nor the enable password is required)
④Configure enable password
Server(config)#enable secret cisco
⑤Configure vty
Server(config)#line vty 0 4
Server(config-line)#exec-timeout 10 0
Server(config-line)#logging synchronous
Server(config-line)#login local
Server(config-line)#transport input ssh
⑥ Other settings of ssh
Server(config)#ip ssh time-out 120 //SSH timeout
Server(config)#ip ssh authentication-retries 2 //Number of SSH authentication retries allowed
Server(config)#ip ssh version 2 //SSH version
Server(config)#ip ssh source-interface fastEthernet 0/0 //A VLAN interface can also be specified here. Once an interface is specified, the other interfaces on the device cannot be used for SSH.
3. Test login
Note: When using the ssh command on a Cisco device, you need to specify the user (if the username is not configured locally)
Client#ssh -l admin 12.1.1.2
Password:
Server>en
Password:
Server#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Server(config)#end