Cisco SSH lab -- configuration script included -- 2019.11.19

Cisco SSH lab

 

 
① Configure the hostname and domain name
 
This is needed because the RSA key is generated using the hostname and domain name.
 
Router(config)#host Server
Server(config)#ip domain name cisco.com
 
 
 
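② Generate the RSA key
 
Once the RSA key has been generated, the SSH service is enabled automatically; without a key it is disabled automatically. To delete the RSA key pair, use the crypto key zeroize rsa global configuration mode command. After the RSA key pair is deleted, the SSH server is automatically disabled.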
 
Server(config)#crypto key generate rsa
The name for the keys will be: Server.test.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
 
How many bits in the modulus [512]: 2048 // set the key length
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 7 seconds)
Server(config)#
*May 2 09:50:12.583: %SSH-5-ENABLED: SSH 1.99 has been enabled // SSH is enabled automatically
 
 
 
 
③ Configure the username and password
 
Server(config)#username cisco privilege 0 secret cisco // if privilege here is not 0, the SSH login drops straight into privileged mode (no enable command and no enable password needed)
 
 
 
④ Configure the enable password
 
Server(config)#enable secret cisco
 
 
⑤ Configure the vty lines
 
Server(config)#line vty 0 4
Server(config-line)#exec-timeout 10 0
Server(config-line)#logging synchronous
Server(config-line)#login local
Server(config-line)#transport input ssh
 
 
 
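⑥ Other SSH settings
 
Server(config)#ip ssh time-out 120 // SSH timeout
Server(config)#ip ssh authentication-retries 2 // number of failed SSH authentication attempts allowed
Server(config)#ip ssh version 2 // SSH version
Server(config)#ip ssh source-interface fastEthernet 0/0 // specify the interface (a VLAN interface also works); once an interface is specified, the device's other interfaces cannot be reached over SSH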
 
 
 
3 Test the login
 
Note: when using the ssh command on a Cisco device, you must specify the user (if no username is configured locally).
Client#ssh -l admin 12.1.1.2
Password:
Server>en
Password:
Server#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Server(config)#end
Server#conf t
 
 
The configuration commands follow
 
 
 
 
 
R1#show run
Building configuration...
 
Current configuration : 1326 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SERver
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$9Oza$98c.gUgAsPYe3uHylits1/
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip domain name cisco.com
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco privilege 15 password 0 cisco
username ssh secret 5 $1$6Znv$9Z9cJJoDHy2ooYdiHlUsX/
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
ip ssh time-out 30
ip ssh source-interface FastEthernet0/0
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.12.1 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 10.1.12.1 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login local
transport input ssh
!
!
end
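
An added example (not part of the original post): a small Python audit that checks a running-config against the settings from steps ③, ⑤ and ⑥. The function names and finding texts are my own, and the sample input is a constructed excerpt of the dump above with IOS indentation restored and the hash replaced by a placeholder.

```python
import re

# Excerpt of the running-config from this page (constructed: indentation
# restored, type-5 hash replaced by a placeholder).
PAGE_CONFIG = """\
username cisco privilege 15 password 0 cisco
username ssh secret 5 <hash>
ip ssh source-interface FastEthernet0/0
line con 0
 exec-timeout 0 0
line vty 0 4
 login local
 transport input ssh
"""

def line_blocks(config):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return a sorted list of findings for the management-access settings."""
    findings = []
    for m in re.finditer(r"^username (\S+)(.*)$", config, re.M):
        user, rest = m.group(1), m.group(2)
        if re.search(r"\bpassword 0\b", rest):
            findings.append(f"{user}: cleartext password (use 'secret')")
        if re.search(r"\bprivilege 15\b", rest):
            findings.append(f"{user}: logs in directly at privilege 15")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("ip ssh version 2 missing: SSH 1.99 (v1 fallback)")
    for header, cmds in line_blocks(config).items():
        if header.startswith("line vty"):
            if "login local" not in cmds:
                findings.append(f"{header}: no 'login local'")
            if "transport input ssh" not in cmds:
                findings.append(f"{header}: transport input is not ssh-only")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{header}: idle sessions never time out")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(PAGE_CONFIG)))
```

Run against the dump above, it reports the cleartext `password 0` user at privilege 15, the missing `ip ssh version 2`, and the console line that never times out; a config built from steps ③ to ⑥ as written passes clean.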
 
 
posted @ 2019-11-19 13:13  user_ldl