SSH
Step 1: Configure the hostname. The hostname is one of the critical elements used to create the RSA key pair.
#hostname name
Step 2: Configure the domain name. The domain name is one of the elements used to create the key pair.
#ip domain-name domain-name
Step 3: Create a local username with a privilege level and password.
#username name privilege level secret password
Step 4: Generate the RSA key pair.
#crypto key generate rsa modulus size
Step 5: Enable remote SSH login on the VTY lines.
#line vty 0 4
#transport input ssh
Step 6: Enable authentication on the VTY lines.
#login local
Enable
The enable secret gives level 15 privileges on an IOS device. It is configured with #enable secret password.
The enable secret appears in a router’s running configuration as a SHA-256 hash (a 4 in the string). Older IOS versions use MD5 (a 5 in the hash).
Line
The line password authenticates a user logging in to a VTY, console or AUX line. It shows up as clear text in the running configuration. Encrypt the password using #service password-encryption. This uses Type 7 encryption (Vigenère cipher). Cisco recommends the use of a username and password combination.
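As an added example (not part of the original post), this Python script audits a saved running-config for the points covered above: it flags credentials stored as clear text or Type 7, and VTY lines that are not limited to `transport input ssh` with `login local`. The sample configuration, hostnames and hash strings are constructed placeholders, and the function and variable names are this example's own.

```python
import re

# Constructed sample running-config (placeholder values, not from a real device).
SAMPLE_CONFIG = """\
hostname R1
ip domain-name example.test
service password-encryption
enable secret 5 $1$CONSTRUCTED$placeholderhashvalue000
username admin privilege 15 secret 4 ConstructedPlaceholderHashValue
line con 0
 password 7 0000000000
 login
line vty 0 4
 transport input telnet ssh
 login local
"""

# Type digits as described on this page; a missing digit means clear text.
TYPES = {"4": "SHA-256", "5": "MD5", "7": "Type 7 (reversible)", "0": "clear text"}
CRED = re.compile(r"^\s*(enable secret|enable password|"
                  r"username \S+.*? (?:secret|password)|password) (?:([0-9]) )?\S+\s*$")

def audit(config):
    """Return findings for weak credential storage and VTY access settings."""
    findings, section, vty = [], "global", {}
    for line in config.splitlines():
        if line and not line[0].isspace():   # unindented line starts a new context
            section = line.strip() if line.startswith("line ") else "global"
        m = CRED.match(line)
        if m and m.group(2) in (None, "0", "7"):
            kind = TYPES[m.group(2) or "0"]
            findings.append(f"{section}: '{m.group(1)}' stored as {kind}")
        if section.startswith("line vty"):
            settings, words = vty.setdefault(section, {}), line.split()
            if words[:2] == ["transport", "input"]:
                settings["transport"] = words[2:]
            elif words[:1] == ["login"]:
                settings["login"] = words[1:]
    for name, settings in vty.items():
        if settings.get("transport") != ["ssh"]:
            findings.append(f"{name}: transport input is not restricted to ssh")
        if settings.get("login") != ["local"]:
            findings.append(f"{name}: 'login local' is not set")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```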