Showing posts with label Security. Show all posts

Sunday, June 12, 2011

SSH configure on Cisco router

There are two versions of Secure Shell, SSH1 and SSH2. Cisco IOS 12.1(3)T was the first release to support SSH1, and SSH on IOS requires an image with the DES or 3DES (IPSec) cryptographic feature set. Use SSH2 wherever the image supports it: SSH1 is obsolete and has known protocol weaknesses, and the configuration below restricts the router to version 2.

Step 1:
Router>enable
Router#configure terminal

Router(config)#hostname ssh                         >> The hostname is up to you; together with the domain name it forms the RSA key name
ssh(config)#enable secret 12345                   >> (Optional) privilege-mode password. Use "secret" (stored as a hash) rather than "password" (stored in clear text)
ssh(config)#ip domain-name cisco.com          >> A domain name is required before an RSA key can be generated
ssh(config)#username admin secret cisco      >> Local user for SSH login. "secret" stores a hash; "password" stores the clear text
ssh(config)#crypto key generate rsa               >> Generate the RSA host key (Note: ssh(config)#crypto key zeroize rsa   >> removes the key if needed)

........................................... Router Message......................................
The name for the keys will be: ssh.cisco.com

Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
How many bits in the modulus [512]: 2048         >> Do not accept the 512-bit default: SSH version 2 needs a key of at least 768 bits, and 2048 is the sensible minimum
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
.............................................................................................................

ssh(config)#ip ssh version 2                           >> Accept only SSH version 2. Without this the router answers as version 1.99 (both versions). The command is accepted only after an RSA key of at least 768 bits exists, so enter it after generating the key

Step 2: Configure line vty

ssh(config)#line vty 0 4
ssh(config-line)#transport input ssh    >> Accept only SSH on these lines; Telnet connections are refused
ssh(config-line)#login local    >> Authenticate against the local username/password database

Check "show line" for how many vty lines the platform actually has (many routers have 16, vty 0 15). Lines outside the range you configure keep their default settings, so apply the same commands to every vty line.

optional:
ssh(config)#ip ssh time-out 20   >> Seconds (1-120, default 120) allowed for the SSH negotiation and login, not an idle timeout; idle sessions are limited by the line command exec-timeout
ssh(config)#ip ssh authentication-retries 2   >> Failed login attempts allowed before the connection is dropped (default 3, maximum 5)

Step 3: SSH to router from PC

PC>ssh -l admin 1.1.1.1    >> Packet Tracer client syntax; a real OpenSSH client accepts the same form (or "ssh admin@1.1.1.1")
Open
Password:                        >> enter the admin user's password
ssh>enable
Password:                     >> enter the privilege (enable) password
ssh#                              >> finally logged in

Show SSH status:
ssh#show ip ssh      >> reports the accepted version (2 after "ip ssh version 2"; 1.99 means both 1 and 2), time-out and retry values
ssh#debug ip ssh      >> traces the SSH negotiation; use it only while troubleshooting and turn it off afterwards, since debug output on a busy router is costly


Example: resulting running-config

The capture below was taken with "enable password" and "username admin password" rather than the "secret" forms, and with "service password-encryption" off, so both credentials appear in clear text ("enable password 12345", "username admin password 0 cisco"). That is exactly the difference the "secret" keyword makes.
ssh#show running-config
Building configuration...
Current configuration : 920 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ssh
!
enable password 12345
!
username admin password 0 cisco
!
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 20
ip domain-name cisco.com
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.140.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 network 192.168.140.0
 network 10.10.10.0 0.0.0.255
 network 1.1.1.1 0.0.0.0
 no auto-summary
!
ip classless
!
line con 0
line vty 0 4
 login local
 transport input ssh
!
end
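As an added example (not from the original post, and not a Cisco tool), the following Python script audits a saved running-config for the management-plane problems this post touches on: passwords stored in clear text or in the reversible type 7 form, `ip ssh version 2` missing, vty lines that still accept Telnet, vty lines with no inbound `access-class`, and a disabled `exec-timeout`. It is run against the relevant lines of the running-config above and against a hardened equivalent constructed for the example; the `$1$...` strings in the hardened version are placeholders, not real type 5 hashes.

```python
"""Audit a saved Cisco IOS running-config for the management-plane issues
this post touches on. Added example: not part of the original post and not
a Cisco tool. It reads text only (e.g. "show running-config" output)."""

import re

# Lines from the post's running-config that matter for these checks
# (interfaces, routing and the ip ssh timer/retry lines are left out).
PAGE_CONFIG = """\
no service password-encryption
!
enable password 12345
!
username admin password 0 cisco
!
ip ssh version 2
ip domain-name cisco.com
!
line con 0
line vty 0 4
 login local
 transport input ssh
!
end
"""

# Hardened equivalent, constructed for this example. The "$1$..." values are
# placeholders standing in for real type 5 (salted MD5) hashes.
HARDENED_CONFIG = """\
service password-encryption
!
enable secret 5 $1$salt$placeholderhashvalue000000
!
username admin secret 5 $1$salt$placeholderhashvalue000001
!
ip ssh version 2
ip domain-name cisco.com
!
access-list 2 permit 192.168.110.10
!
line vty 0 15
 access-class 2 in
 exec-timeout 10 0
 login local
 transport input ssh
!
end
"""


def parse_config(text):
    """Split an IOS config into top-level commands and "line ..." sections.
    sections maps a header such as "line vty 0 4" to its indented sub-commands."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None                 # "!" closes a section in IOS output
        elif raw.startswith(" "):
            if current is not None:        # indented: belongs to the open section
                sections[current].append(raw.strip())
        elif raw.startswith("line "):
            current = raw.strip()
            sections.setdefault(current, [])
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, sections


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    global_cmds, sections = parse_config(text)
    present = lambda pat: any(re.match(pat, c) for c in global_cmds)
    findings = []
    if present(r"no service password-encryption$"):
        findings.append("service password-encryption off: line/enable passwords stored in clear text")
    if present(r"enable password ") and not present(r"enable secret "):
        findings.append("enable password without enable secret: privilege password is reversible (type 0/7)")
    for cmd in global_cmds:
        m = re.match(r"username (\S+) password ", cmd)
        if m:
            findings.append(f"user {m.group(1)}: clear-text or type 7 password; use 'username ... secret'")
    if not present(r"ip ssh version 2$"):
        findings.append("ip ssh version 2 not set: SSH version 1 still accepted")
    for header, cmds in sections.items():
        if not header.startswith("line vty"):
            continue
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        # The default transport varies by platform; only an explicit ssh-only setting passes.
        if not transports or any(t != ["ssh"] for t in transports):
            findings.append(f"{header}: Telnet allowed (transport input is not ssh only)")
        if not any(c.startswith("access-class ") and c.endswith(" in") for c in cmds):
            findings.append(f"{header}: no inbound access-class: logins accepted from any source")
        if any(re.match(r"(no exec-timeout|exec-timeout 0( 0)?)$", c) for c in cmds):
            findings.append(f"{header}: exec-timeout disabled: idle sessions never expire")
        if "login local" not in cmds and not any(c.startswith("login authentication") for c in cmds):
            findings.append(f"{header}: not using the local user database or AAA for login")
    return findings
```

The script only reads text, so it cannot know how many vty lines the platform has; whether "line vty 0 4" covers every line still has to be checked with "show line" on the device.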

Saturday, June 11, 2011

Configure password for Cisco device (privilege, line console, line vty)



To hide plain-text passwords in the configuration:
Router>enable
Router#configure terminal
Router(config)#service password-encryption   >> Rewrites "password" entries (enable, line, username) as type 7. Type 7 is a reversible obfuscation, not encryption: anyone who can read the config can recover the passwords, so it only guards against someone glancing at the screen. Use "secret" wherever it is available.

Configure privilege mode password:
Router>enable
Router#configure terminal

Router(config)#enable password cisco   >> Stored in clear text (type 0), or as reversible type 7 when service password-encryption is on. OR
Router(config)#enable secret cisco         >> Stored as a salted MD5 hash (type 5) that cannot be reversed. If both are set, the secret is the one that is checked; prefer it and remove the enable password.
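To show why the "secret" form matters, here is an added example (not from the original post) implementing the type 7 algorithm that "service password-encryption" uses and recovering the plain text from a small constructed config fragment. XLAT is the fixed, publicly known key of the type 7 scheme; the type 7 strings in the sample were produced with the same encoder. Type 5 secrets are salted MD5 hashes and have no such inverse.

```python
"""Cisco type 7 ("service password-encryption") reversed. Added example,
not part of the original post. XLAT is the fixed, public key used by the
type 7 scheme, so anyone holding the config can undo it."""

import re

XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decrypt_type7(token):
    """Recover the plain text from a type 7 string such as '0822455D0A16'.

    The first two characters are a decimal offset into XLAT; each following
    hex byte is the plain-text byte XORed with the next XLAT byte."""
    if len(token) < 4 or len(token) % 2:
        raise ValueError("malformed type 7 string")
    seed = int(token[:2])
    if not 0 <= seed < len(XLAT):
        raise ValueError("bad type 7 seed")
    plain = bytearray()
    for i, pos in enumerate(range(2, len(token), 2)):
        plain.append(int(token[pos:pos + 2], 16) ^ XLAT[(seed + i) % len(XLAT)])
    return plain.decode()


def encrypt_type7(plain, seed=8):
    """Produce a type 7 string (IOS picks a seed from 0 to 15; 8 is arbitrary)."""
    body = "".join(f"{b ^ XLAT[(seed + i) % len(XLAT)]:02X}"
                   for i, b in enumerate(plain.encode()))
    return f"{seed:02d}{body}"


# Constructed config fragment; the type 7 values encode "cisco" and "12345".
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 0822455D0A16
username admin password 7 03550958525A
line vty 0 4
 password 7 0822455D0A16
 login
"""


def reveal_type7(config_text):
    """Return (config line, plain text) for every 'password 7 <hex>' entry."""
    found = []
    for line in config_text.splitlines():
        m = re.search(r"\bpassword 7 ([0-9A-Fa-f]+)\s*$", line)
        if m:
            found.append((line.strip(), decrypt_type7(m.group(1))))
    return found
```

Running reveal_type7 over a real config shows every "password 7" credential in the clear, which is the argument for "enable secret" and "username ... secret": those survive a leaked config, type 7 does not.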

Configure Line Console password:
Router>enable
Router#configure terminal

Router(config)#line console 0
Router(config-line)#password cisco
Router(config-line)#login                     >>  Enable password checking

Router(config-line)#logging synchronous   >> Synchronized message output (Optional)

Configure Telnet or line vty password:
Router>enable
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#password cisco   >> Shared line password (type 0, or type 7 with service password-encryption)
Router(config-line)#login                     >>  Enable password checking. Telnet carries this password across the network in clear text, so prefer SSH with "transport input ssh" and "login local" as in the SSH post.

Configure Telnet or line vty with security:
Telnet configured with line vty security (Cisco device):
Adapt the addresses to your network policy

Step 1:
Router>enable
Router#configure terminal

Router(config)#line vty 0 4
Router(config-line)#password cisco  >> Create password
Router(config-line)#login  >> Enable password checking

Step 2: (Create ACL)
Router#configure terminal
Router(config)#access-list 2 permit 192.168.110.10 >> Standard ACL listing the management host(s) allowed to connect. A standard ACL matches on source address only, and every ACL ends with an implicit "deny any", so any source not listed is refused.

Step 3: (Apply)
Router(config)#line vty 0 4
Router(config-line)#access-class 2 in   >> "in" filters connections coming into the vty lines, which is what protects the router. "out" instead limits where a user already logged into the router may Telnet/SSH to from it.

Thursday, June 9, 2011

Telnet configure with line Vty security

Restrict which hosts may Telnet to the router by combining a vty password with a standard ACL. Adapt the addresses to your network policy.

Step 1:
Router>enable
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#password cisco  >> Create password
Router(config-line)#login  >> Enable password checking

Step 2: (Create ACL)
Router#configure terminal
Router(config)#access-list 2 permit 192.168.110.10 >> Standard ACL allowing Telnet from this host only; everything else hits the implicit "deny any" at the end of the list

Step 3: (Apply)
Router(config)#line vty 0 4
Router(config-line)#access-class 2 in   >> "in" filters incoming connections to the vty lines (the protective direction); "out" would limit where a logged-in user may connect onward from the router
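The ACL step above (and the identical step in the June 11 post) relies on the standard-ACL matching rules: entries are tested in order, the first match wins, an unmatched source hits the implicit "deny any", and a wildcard mask marks the bits that are not compared. As an added example, not from the original posts, the following Python evaluator applies those rules to the posts' access-list 2 plus two constructed extra entries, against a constructed set of connection sources as "access-class 2 in" would see them.

```python
"""Standard ACL evaluation as 'access-class N in' applies it to vty lines.
Added example, not from the original posts. Entries are checked in order,
the first match wins, and an unmatched source falls through to the implicit
'deny any' that ends every IOS ACL."""

import ipaddress

# The posts' ACL plus two constructed entries showing ordering and wildcards.
ACL_LINES = [
    "access-list 2 permit 192.168.110.10",        # single host (no wildcard = 0.0.0.0)
    "access-list 2 deny 10.10.10.5",               # explicit deny placed before the subnet permit
    "access-list 2 permit 10.10.10.0 0.0.0.255",   # whole /24 via wildcard mask
]

# Constructed connection attempts, as seen by 'access-class 2 in'.
SOURCES = ["192.168.110.10", "192.168.110.11", "10.10.10.5", "10.10.10.20", "8.8.8.8"]


def parse_standard_acl(lines):
    """Return [(action, network_int, wildcard_int)] from 'access-list N permit|deny ...'.
    Accepts 'any', 'host A.B.C.D', 'A.B.C.D' (exact host) and 'A.B.C.D W.W.W.W'."""
    entries = []
    for line in lines:
        p = line.split()
        if len(p) < 4 or p[0] != "access-list" or p[2] not in ("permit", "deny"):
            continue
        if p[3] == "any":
            net, wild = 0, 0xFFFFFFFF
        elif p[3] == "host":
            net, wild = int(ipaddress.IPv4Address(p[4])), 0
        else:
            net = int(ipaddress.IPv4Address(p[3]))
            wild = int(ipaddress.IPv4Address(p[4])) if len(p) > 4 else 0
        entries.append((p[2], net, wild))
    return entries


def matches(source, net, wild):
    """Wildcard semantics: a 1 bit in the mask means 'do not compare this bit'."""
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(source)) & care) == (net & care)


def acl_permits(entries, source):
    """First matching entry decides; no match at all means the implicit deny."""
    for action, net, wild in entries:
        if matches(source, net, wild):
            return action == "permit"
    return False


def vty_decisions(acl_lines, sources):
    """Map each source address to True (connection allowed) or False (refused)."""
    entries = parse_standard_acl(acl_lines)
    return {src: acl_permits(entries, src) for src in sources}
```

Two points the evaluator makes concrete: "access-list 2 permit 192.168.110.10" on its own admits exactly one host and nothing else, and the order of entries matters, since the deny for 10.10.10.5 only works because it is listed before the permit for 10.10.10.0/24.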