-
Define a domain name (plus hostname) on the router
    Router# conf t
    (config)# hostname *exampleRouter*
    (config)# ip domain-name *example.com*
-
Create the RSA key pair used by SSH
I would choose a 1024 key size out of personal taste. This process might take time on a slow device.
    (config)# crypto key generate rsa general-keys modulus [360-2048]
    (config)# ip ssh version 2
    (config)# end
-
Create an access list that blocks incoming requests on port 22 and allows those on the port we want to use (example: 2233)
    Router# conf t
    (config)# ip access-list ex denySSH
    (config-ext-nacl)# 10 deny tcp any any eq 22
    (config-ext-nacl)# 20 permit tcp any any eq 2233
    (config-ext-nacl)# end
-
Restrict the VTY lines to SSH and have them authenticate against the router's local user database. The ip ssh port line binds rotary group 1 to port 2233, so that the rotary setting on the VTY lines takes effect.
    Router# conf t
    (config)# ip ssh port 2233 rotary 1
    (config)# line vty 0 4
    (config-line)# access-class denySSH in
    (config-line)# rotary 1
    (config-line)# transport input ssh
    (config-line)# login local
    (config-line)# end
-
Save the running config to the startup config
    Router# copy running-config startup-config
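
An added example, not part of the original gist: a small Python check that audits a running-config for the SSH setup these steps describe. The sample config is constructed, the `ip ssh port 2233 rotary 1` binding it looks for is the IOS command that ties a rotary group to a listening port, and the `line vty 5 15` block is an assumed second VTY range that the steps above do not touch.

```python
import re

# Constructed running-config excerpt (not captured from a real device).
# "line vty 5 15" is an assumed extra range left at a weaker setting.
SAMPLE_CONFIG = """\
ip ssh version 2
ip ssh port 2233 rotary 1
ip access-list extended denySSH
 10 deny tcp any any eq 22
 20 permit tcp any any eq 2233
line vty 0 4
 access-class denySSH in
 rotary 1
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
"""

def vty_blocks(config):
    """Map each 'line vty' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config, port=2233):
    """Return findings; an empty list means the SSH setup matches the steps."""
    findings = []
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append("SSH version 2 not enforced")
    m = re.search(rf"^ip ssh port {port} rotary (\d+)$", config, re.M)
    if not m:
        findings.append(f"no rotary group bound to port {port}")
    for header, cmds in vty_blocks(config).items():
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: transport is not SSH-only")
        if "login local" not in cmds:
            findings.append(f"{header}: not using local authentication")
        if not any(c.startswith("access-class ") and c.endswith(" in") for c in cmds):
            findings.append(f"{header}: no inbound access-class")
        if m and f"rotary {m.group(1)}" not in cmds:
            findings.append(f"{header}: rotary {m.group(1)} missing")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports only the `line vty 5 15` block, which shows why every VTY range on the device needs the same settings as `line vty 0 4`.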
Last active
February 15, 2018 22:31
[Cisco Router] #Cisco #IOS #CLI #SSH #Networking