Configuring Secure Shell on Cisco IOS Routers

Posted on 2010-8-27 09:40:17
 Hardware and Software Versions
  The information in this document is based on the software version below.
  
  Cisco IOS 3600 Software (C3640-IK9S-M), Version 12.2(2)T1
  
  SSH was introduced into IOS platforms/images as shown below.
  
  SSH Version 1.0 (SSHv1) server was introduced in some IOS platforms/images starting in 12.0.5.S.
  SSH client was introduced in some IOS platforms/images starting in 12.1.3.T.
  SSH terminal-line access (also known as reverse-telnet) was introduced in some IOS platforms/images starting in 12.2.2.T.
  [[The No.1 Picture.]]
  Testing Authentication Without SSH:
  !--- aaa new-model causes the local username/password on the router
  !--- to be used in the absence of other aaa statements.
  aaa new-model
  username cisco password 0 cisco
  line vty 0 4
  !--- Instead of aaa new-model, the login local command may be used.
  
  Testing Authentication With SSH:
  ip domain-name rtp.cisco.com
  !--- Generate an SSH key to be used with SSH.
  crypto key generate rsa
  ip ssh time-out 60
  ip ssh authentication-retries 2
  
  line vty 0 4
  !--- Prevent non-SSH telnets.
  transport input ssh
  ssh
  !--- Step 1: Configure hostname if you have not previously done so.
  hostname carter
  !--- aaa new-model causes the local username/password on the router
  !--- to be used in the absence of other AAA statements.
  aaa new-model
  username cisco password 0 cisco
  !--- Step 2: Configure the router's DNS domain.
  ip domain-name rtp.cisco.com
  !--- Step 3: Generate an SSH key to be used with SSH.
  crypto key generate rsa
  ip ssh time-out 60
  ip ssh authentication-retries 2
  !--- Step 4: By default the vtys' transport is Telnet. In this case,
  !--- Telnet has been disabled and only SSH is supported.
  line vty 0 4
  transport input ssh
  !--- Instead of aaa new-model, the login local command may be used.
  Testing SSH:
  ssh -l cisco -c 3des 10.13.1.99
  Adding SSH Terminal-Line Access
  ip ssh port 2001 rotary 1
  line 1 16
  no exec
  rotary 1
  transport input ssh
  exec-timeout 0 0
  modem InOut
  stopbits 1
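
  The following Python script is an added example, not part of the original post or of Cisco's document. It audits a saved configuration against Steps 1, 2 and 4 above and flags vty lines that still accept Telnet and users stored with a type 0 (clear-text) password. The function name and the sample configuration are constructed for illustration, and the parser assumes line sub-commands are indented as in running-config output.

```python
import re

# Constructed sample in running-config style (not from the original post):
# vty 0-4 follow Step 4, vty 5-15 were left at the Telnet default.
SAMPLE_CONFIG = """\
hostname carter
aaa new-model
username cisco password 0 cisco
ip domain-name rtp.cisco.com
line vty 0 4
 transport input ssh
line vty 5 15
 login local
"""

def audit_ios_ssh(config):
    """Check Steps 1, 2 and 4 plus credential storage; return findings.
    Step 3 (the RSA key pair) is not part of the configuration text."""
    glob, vtys, section = [], {}, ""
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():                 # indented: sub-command of a section
            if section.startswith("line vty"):
                vtys[section].append(line)
            continue
        section = line
        if line.startswith("line vty"):
            vtys[line] = []
        else:
            glob.append(line)
    findings = []
    if not any(l.startswith("hostname ") for l in glob):
        findings.append("hostname not set (Step 1)")
    if not any(l.startswith("ip domain-name ") for l in glob):
        findings.append("ip domain-name not set (Step 2)")
    for l in glob:
        m = re.match(r"username (\S+) (?:.* )?password (?:0 )?\S+$", l)
        if m:
            findings.append(f"username {m.group(1)}: clear-text password")
    aaa = "aaa new-model" in glob
    for name, cmds in vtys.items():
        if [c for c in cmds if c.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{name}: Telnet not disabled (Step 4)")
        if not aaa and "login local" not in cmds:
            findings.append(f"{name}: no local login (aaa new-model / login local)")
    return findings
```

  Calling audit_ios_ssh(SAMPLE_CONFIG) reports the clear-text password for user cisco and the vty 5-15 block that was never restricted to SSH.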