How to Configure Secure Shell (SSH) Settings on a Cisco Router
Instead of using a protocol with security weaknesses such as Telnet, you can use Secure Shell (SSH), a more secure protocol that encrypts your login credentials and data streams. This will help you feel that you and your data are safer.
Now we will see, step by step, how to set up SSH:
1. Hostname settings are made:
    Router(config)#hostname techsoftcenter
2. The domain name is set (both the hostname and the domain name are required to generate the encryption keys):
    techsoftcenter(config)#ip domain-name techsoftcenter.com
3. Encryption keys are generated to secure the session:
    techsoftcenter(config)#crypto key generate rsa general-keys modulus ?
      <360-2048>  size of the key modulus [360-2048]
    techsoftcenter(config)#crypto key generate rsa general-keys modulus 1024
    The name for the keys will be: techsoftcenter.com
    % The key modulus size is 1024 bits
    % Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
    *April 23 11:30:30.035: %SSH-5-ENABLED: SSH 1.99 has been enabled
4. We create a username and password.
    techsoftcenter(config)#username fadil password f123.
5. The maximum idle timer is set for the SSH session (the user is disconnected after 60 seconds):
    techsoftcenter(config)#ip ssh time-out ?
      <1-120>  SSH time-out interval (secs)
    techsoftcenter(config)#ip ssh time-out 60
6. The maximum number of failed authentication attempts is set for an SSH connection:
    techsoftcenter(config)#ip ssh authentication-retries ?
      <0-5>  Number of authentication retries
    techsoftcenter(config)#ip ssh authentication-retries 2
7. We set the SSH version:
    techsoftcenter(config)#ip ssh version 2
8. The vty lines of the router are configured (login local asks for the username and password stored locally on the router):
    techsoftcenter(config)#line vty 0 1180
    techsoftcenter(config-line)#login local
The last step is to configure SSH and Telnet as access protocols:
    techsoftcenter(config-line)#transport input ssh telnet
If you leave telnet off the end of the command, only SSH will work on the router. Using both together is not recommended, because SSH is safer than Telnet.
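As an added example (not part of the original article), this Python check reads a saved running-config and reports where it departs from the settings above, including Telnet left enabled on the vty lines. The sample config is constructed from the commands in this article, and the function names are hypothetical.

```python
import re

# Constructed sample: the settings from this walkthrough as they might
# appear in a saved running-config (not captured from a real device).
SAMPLE_CONFIG = """\
hostname techsoftcenter
ip domain-name techsoftcenter.com
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
line vty 0 1180
 login local
 transport input ssh telnet
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' section."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith("line vty"):
            if header:
                yield header, body
            header, body = line.strip(), []
        elif header and line.startswith(" "):
            body.append(line.strip())      # indented line: belongs to the section
        elif header:
            yield header, body             # first unindented line ends the section
            header, body = None, []
    if header:
        yield header, body

def audit(config):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for setting in ("version 2", r"time-out \d+", r"authentication-retries \d+"):
        if not re.search(rf"^ip ssh {setting}\s*$", config, re.M):
            findings.append(f"ip ssh {setting.split()[0]}: expected setting not found")
    for header, body in vty_blocks(config):
        transport = next((c for c in body if c.startswith("transport input")), None)
        if transport is None:
            findings.append(f"{header}: transport input is not set explicitly")
        elif transport.split()[2:] != ["ssh"]:
            findings.append(f"{header}: '{transport}' allows more than SSH")
        if "login local" not in body:
            findings.append(f"{header}: login local is missing")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```

Run against the sample, it flags only the `transport input ssh telnet` line; changing that line to `transport input ssh` clears the finding.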
I hope it was a useful article.