How to Make Secure Shell (SSH) Settings on the Cisco Router?

Posted on April 24, 2020April 23, 2020 by fadıl

Telnet gibi güvenlik açığı olan bir protokol kullanmak yerine giriş bilgilerinizi ve verileri akışlarınızı şifreleyecek daha güvenli olan bir protokol olanSecure Shell (SSH) kullanabilirsiniz. Bu sizi ve verilerinizi daha güvende hisetmenizi sağlayacaktır.
Şimdi adım adım SSH nasıl kurulacağını göreceğiz:

1. Hostname settings are made:

Router(config)#hostname techsoftcenter

1	Router(config)#hostname techsoftcenter

2. The domain name is set (here hostname and domain name are required to generate encrypted keys):

Todd(config)#ip domain-name techsoftcenter.com

1	Todd(config)#ip domain-name techsoftcenter.com

3. Encrypted keys are generated to securely conduct the session:

Todd(config)#crypto key generate rsa general-keys modulus ?
<360-2048> size of the key modulus [360-2048]
Todd(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: techsoftcenter.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
*April 23 11:30:30.035: %SSH-5-ENABLED: SSH 1.99 has been enabledCisco Internetworking Operating System (IOS) ve Security Device Manager (SDM)

Todd(config)#crypto key generate rsa general-keys modulus ?

<360-2048> size of the key modulus [360-2048]

Todd(config)#crypto key generate rsa general-keys modulus 1024

The name for the keys will be: techsoftcenter.com

% The key modulus size is 1024 bits

% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

*April 23 11:30:30.035: %SSH-5-ENABLED: SSH 1.99 has been enabledCisco Internetworking Operating System (IOS) ve Security Device Manager (SDM)

4. We create a username and password.

techsoftcenter(config) #username fadil password f123.

1	techsoftcenter(config) #username fadil password f123.

5. The maximum idle (idle) timer is set for SSH session: (assigns user after 60 seconds)

techsoftcenter(config)#ip ssh time-out ?
<1-120> SSH time-out interval (secs)
techsoftcenter(config)#ip ssh time-out 60

techsoftcenter(config)#ip ssh time-out ?

<1-120> SSH time-out interval (secs)

techsoftcenter(config)#ip ssh time-out 60

6. The maximum number of incorrect entries is set for an SSH connection:

techsoftcenter(config)#ip ssh authentication-retries ?
<0-5> Number of authentication retries
techsoftcenter(config)#ip ssh authentication-retries 2

techsoftcenter(config)#ip ssh authentication-retries ?

<0-5> Number of authentication retries

techsoftcenter(config)#ip ssh authentication-retries 2

7. We will determine the SSH version.

techsoftcenter(config)#ip ssh version 2

1	techsoftcenter(config)#ip ssh version 2

8. A connection to the vty lines of the router is established:

techsoftcenter (config) #line vty 0 1180
techsoftcenter (config-line) #login local (asks for the user's name and password in local)

1 2	techsoftcenter (config) #line vty 0 1180 techsoftcenter (config-line) #login local (asks for the user's name and password in local)

The last step is to configure SSH and Telnet as access protocols:

techsoftcenter (config-line) #transport input ssh telnet

1	techsoftcenter (config-line) #transport input ssh telnet

If you don’t use telnet at the end of the command line, only SSH will work on the router. It is not recommended to use both together, because it is necessary to know that SSH is safer than Telnet.

I hope it was a useful article.

Leave a Reply Cancel reply