Wednesday, April 8, 2009

Configuring ssh on a Cisco switch or router

To get ssh working on Cisco gear, you first need an image that actually supports it. Seriously? This is retarded. Upgrading is fairly easy via the web interface once you have navigated the Cisco downloads maze. Cisco has a HOWTO on enabling ssh that boils down to:

aaa new-model
username someuser password 0 thisisabadpword
service password-encryption
line vty 0 4
transport input telnet

Test with telnet and the username/password you used above, then:

ip domain-name mydomain.com
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2

Disable everything except ssh:

line vty 0 4
transport input ssh

If there is another vty line, then do the same for that one.
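
An added example, not from the original post: a Python check for that last step, run over a saved config to list every vty range whose transport input is not ssh only, plus any username stored as a type 0 or type 7 password. The sample config is constructed, and the parser assumes the indented sub-command layout of a saved running-config.

```python
import re

# Constructed sample: the post's commands as they might look in a saved
# config, plus a second vty range that was never switched to ssh.
SAMPLE_CONFIG = """\
aaa new-model
username someuser password 7 CONSTRUCTEDVALUE
ip domain-name mydomain.com
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet
"""

def vty_transports(config):
    """Map each (first, last) vty range to its set of input transports."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first))
            result[current] = None   # None: no 'transport input' seen yet
        elif not raw[0].isspace():
            current = None           # another top-level command ends the block
        elif current and line.startswith("transport input "):
            result[current] = set(line.split()[2:])
    return result

def audit(config):
    """Return findings for vty ranges and local users that need attention."""
    findings = []
    for (first, last), protos in sorted(vty_transports(config).items()):
        if protos is None:
            findings.append(f"vty {first} {last}: no 'transport input' line, image default applies")
        elif protos != {"ssh"}:
            findings.append(f"vty {first} {last}: transport input {' '.join(sorted(protos))} (expected ssh only)")
    # Type 0 is cleartext; type 7 (what 'service password-encryption' writes) is reversible.
    for m in re.finditer(r"^username (\S+) password ([07]) ", config, re.M):
        findings.append(f"user {m.group(1)}: type {m.group(2)} password, not a hashed 'secret'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```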
