Skip to main content

How to enable SSH login access to a Cisco 800 Series

How to enable SSH login access to a Cisco 800 Series

So you want to be able to secure your router so that it is necessary to ssh into it rater than just telnet in.

If this is being used as an ADSL or DSL router like in the article “Setting up a Cisco 800 series for ADSL

NOTE: This should work with any Cisco 800 Series router including the Cisco 801 Cisco 827 Cisco 837 Cisco 877 and Cisco 877W routers provided the Cisco IOS on the router supports ssh
Firstly is ssh enabled?


router#sh ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH.
Authentication timeout: 60 secs; Authentication retries: 5

In this case its not, if you got a error saying that sh ip ssh is not recognized then you would know that ssh is not supported or possibly that the command is different for your platform.

How to enable SSH on a Cisco 800 series


router# config term
router(config)#crypto key generate rsa usage-keys label router-key
The name for the keys will be: router-key
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
Choose the size of the key modulus in the range of 360 to 2048 for your
Encryption Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

router (config)#
000047: *Mar 1 20:40:50.843 UTC: %SSH-5-ENABLED: SSH 1.99 has been enabled
router (config)#exit

According to the line above SSH has been enabled, we can confirm this by running the sh ip ssh command again.






router#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
router#

Now setting the router up to accept ssh logins

Usually it will anyway because by default the transport is set to all

transport preferred all
transport input all

But we want to change that

Router#conf t
!
line vty 0 4
access-class 1 in
exec-timeout 30 0
privilege level 15
login local
transport preferred ssh
transport input ssh
!
Write your config and test it.

Comments

Popular posts from this blog

Setting up and Installing Rancid on FreeBSD for Cisco Products

Setting up and Installing Rancid on FreeBSD for Cisco Products What is Rancid? Rancid is an application that monitors a devices configuration including software and hardware. The configuration is then stored in a Concurrent Version System or CVS. Most of the time it is used to back up router, switch and firewall configurations, as well as notify you when a configuration has changed, i.e a firewall rule or a routers IP address or access list change. here is an example of the output =================================================================== retrieving revision 1.29 diff -u -4 -r1.29 mpls-jhb-pe1 @@ -288,9 +288,9 @@ ! interface Serial0/0 description Link to Client X bandwidth 2048 - ip address 192.168.1.244 255.255.255.254 + ip address 192.168.1.234 255.255.255.254 ip route-cache flow ip tcp header-compression iphc-format ip tcp compression-connections 256 ! ip ospf message-digest-key 1 md5 the - symbol represents what was removed the + symbol represents what was added The abo

Tacacs+ Install and Config Guide

Tacacs+ Install and Config Guide What is TACACS As per wikipedia Terminal access controller access control system (TACACS) is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network. Installing Tacacs on FreeBSD This guide is intended to be a basic implementation of TACACS+, so although there are may features I am just going to document what I generally use. Please note that tac_plus is also available from Shrubbery Networks if you would like to install and configure on another platform. You may also want to check out my Rancid How-To Once again its in your ports directory. cd to /usr/ports/net/tac_plus4/ run a "make install clean" Once installed vi /usr/local/etc/rc.d/tac_plus.sh Then Change the following line from NO to YES tac_plus_enable=$ Save the file, then vi /e

FreeBSD, Postfix, Mailscanner and Mailwatch Installation

Installing postfix, mailscanner and mailwatch on FreeBSD I have setup a number of servers using mailscanner and postfix to do antispam and antivirus checking. This particular example will show you how to set the server up as a mail gateway. i.e. all inbound and outbound mail will go via this server. You can also use the server as a pop3/imap4 server and doing so, does make life a little easier as you don't have to worry about the transport and relay_hosts files. At a later stage I will show that info too..... when I get a chance. This my seem strange but as there is quite a bit involved in installing and configuring I am splitting this into two How-To's this one, The install How-To and the configuration How-To First off its probably best to start on a new install of FreeBSD. Once you have done the initial portsnap fetch and portsnap extract Right here we go. Two things you might want to do is force your NIC to 100MB full duplex and install lsof Type in ifconfig and check if the