Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Sunday, June 12, 2011

SSH configure on Cisco router

SSH configure on Cisco router:
There are two versions of Secure Shell: SSH1 and SSH2. CiscoIOS 12.1(3)T was the first version to support SSH1; however, it does require the Data Encryption Standard (DES) or triple DES (3DES) IPSec encryption version of the IOS.

Step 1:
Router>enable
Router#configure terminal

Router(config)#hostname ssh                         >> hostname “ssh”. Its depend on you
ssh(config)#enable password 12345              >> (Optional) configure the privilege password
ssh(config)#ip domain-name cisco.com          >> Create domain as your policy   
ssh(config)#username admin password cisco  >> also use “secret” instead of “password”
ssh(config)#ip ssh version 2                           >> For version 2, default version 1
ssh(config)#crypto key generate rsa               >> Generate RSA encryption key (Note: ssh#crypto key zeroize rsa   >> to remove rsa key if needed)

........................................... Router Message......................................
The name for the keys will be: ssh.cisco.com

Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
How many bits in the modulus [512]: 512         >> input bits as your requirement
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
.............................................................................................................

Step 2: Configure line vty

ssh(config)#line vty 0 4
ssh(config-line)#transport input ssh
ssh(config-line)#login local    >> For local Username Password database....

optional:
ssh(config)#ip ssh time-out 20   >> how many minute wait
ssh(config)#ip ssh authentication-retries 2

Step 3: SSH to router from PC

PC>ssh -l admin 1.1.1.1
Open
Password:                        >> enter admin password
ssh>enable
Password:                     >> enter privilege password
ssh#                              >> finally you login
 
Show ssh status:
ssh#show ip ssh
ssh#debug ip ssh 


Example to SSH configure
 
ssh#show running-config
Building configuration...
Current configuration : 920 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ssh
!
enable password 12345
!
username admin password 0 cisco
!
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 20
ip domain-name cisco.com
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.140.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 network 192.168.140.0
 network 10.10.10.0 0.0.0.255
 network 1.1.1.1 0.0.0.0
 no auto-summary
!
ip classless
!
line con 0
line vty 0 4
 login local
 transport input ssh
!
end
Posted by at 4 comments:
Labels:

Saturday, June 11, 2011

Configure password for Cisco device (privilege, line consol, line vty)


Configure password for Cisco device (privilege, line consol, line vty)

To encrypt all plain text configuration:
Router>enable
Router#configure terminal
Router(config)#service password-encryption

Configure privilege mode password:
Router>enable
Router#configure terminal

Router(config)#enable password cisco   >> non encrypted password OR
Router(config)#enable secret cisco         >> Encrypted password

Configure Line Console password:
Router>enable
Router#configure terminal

Router(config)#line console 0
Router(config-line)#password cisco
Router(config-line)#login                     >>  Enable password checking

Router(config-line)#logging synchronous   >> Synchronized message output (Optional)

Configure Telnet  or line vty password:
Router>enable
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login                     >>  Enable password checking

Configure Telnet  or line vty with security :
Telnet configure with line Vty security (Cisco device):
Please configure as your network policy

Step 1:
Router>enable
Router#configure terminal

Router(config)#line vty 0 4
Router(config-line)#password cisco  >> Create password
Router(config-line)#login  >> for Enable password checking

Step 2: (Create ACL)
Router#configure terminal
Router(config)#access-list 2 permit 192.168.110.10 >> Create Standard ACL

Step 3: (Apply)
Router(config)#line vty 0 4
Router(config-line)#access-class 2 in   >> use in/out as your network policy
Posted by at 1 comment:
Labels:

Thursday, June 9, 2011

Telnet configure with line Vty security

Telnet configure with line Vty security (Cisco device):
Please configure as your network policy

Step 1:
Router>enable
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#password cisco  >> Create password
Router(config-line)#login  >> for Enable password checking

Step 2: (Create ACL)
Router#configure terminal
Router(config)#access-list 2 permit 192.168.110.10 >> Create Standard ACL for allow Telnet

Step 3: (Apply)
Router(config)#line vty 0 4
Router(config-line)#access-class 2 in   >> use in/out as your network policy
Posted by at 2 comments:
Labels:
Subscribe to: Posts (Atom)