Monday, December 14, 2015

SSH

Secure Shell (SSH), also called Secure Socket Shell, is a UNIX-based command interface and protocol for securely accessing a remote computer.
SSH is a suite of three utilities (slogin, ssh and scp) that are encrypted and secured; both ends of the client/server connection are authenticated using a digital certificate.
SSH uses RSA public key cryptography for both connection and authentication. Encryption algorithms include Blowfish, DES, and IDEA.
IDEA is the default algorithm.
SSH2 is the latest version, proposed by the IETF.

SSH uses port 22

Basic SSH configuration for a Cisco router

1- Create user name and password
R2(config)#username cisco password cisco

2- Create domain-name
R2(config)#ip domain-name SSH-lAB

3- Generate RSA keys
R2(config)#crypto key generate rsa
The name for the keys will be: R2.SSH-lAB
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 512
% Generating 512 bit RSA keys ...[OK]

R2(config)#
*Mar  1 00:33:04.371: %SSH-5-ENABLED: SSH 1.5 has been enabled

4- Apply SSH to interface or VTY (VTY lines 0 4 are assumed here)
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh


R1#ssh -l cisco 192.168.10.2
Password: 
R2>ena
Password: 
R2#

R1#show crypto key mypubkey rsa
% Key pair was generated at: 00:14:35 UTC Mar 1 1993
Key name: R1.SSH-LAB
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00A845F2 99A0B9D0
  B663F008 435F3C6A AF7F53D7 9CDEB6B9 3389F2D2 EB5852D7 DB21FAA7 8D9BA489
  CA71E6C5 BD00087D BBE2C833 C8172E57 58E1A6F3 BC58A5F2 91020301 0001
% Key pair was generated at: 00:14:37 UTC Mar 1 1993
Key name: R1.SSH-LAB.server
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B0CA71 FC7EF3BC
  702FBE93 5CCAA2E9 866F5642 3FD3E12B 566BF63A 72967FF7 BE73EBA5 1DC109A8
  F544DA83 87B938DD 61D0FECE 55ACBD86 2FEAF66A 9E5526C8 2E53B9D5 63814B6B
  5D3F8F72 ECAA8FA8 952DC75F 2F21C857 FB4358C4 9287F907 B1020301 0001
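
Added example, not part of the original post: the Key Data shown by `show crypto key mypubkey rsa` is a DER-encoded public key, so the modulus size can be audited offline from saved command output. This Python sketch decodes it and flags keys under a floor; the 2048-bit floor and the function names are assumptions of this example, and the sample input is the output above trimmed to the lines the parser reads.

```python
import re
MIN_BITS = 2048  # assumed policy floor for this example, not a value from the post

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER data")
    return tag, buf[pos:pos + length], pos + length

def modulus_bits(der):
    """Bit length of the RSA modulus in a DER SubjectPublicKeyInfo blob."""
    _, spki, _ = _tlv(der, 0)              # outer SEQUENCE
    _, _, pos = _tlv(spki, 0)              # AlgorithmIdentifier, skipped
    tag_bits, bitstr, _ = _tlv(spki, pos)  # BIT STRING wrapping RSAPublicKey
    _, rsa, _ = _tlv(bitstr, 1)            # skip the unused-bits count byte
    tag_n, n, _ = _tlv(rsa, 0)             # first INTEGER is the modulus
    if (tag_bits, tag_n) != (0x03, 0x02):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(n, "big").bit_length()

def audit(show_output, min_bits=MIN_BITS):
    """Return [(key_name, modulus_bits, meets_floor)] for each key listed."""
    results = []
    for block in re.split(r"(?m)^Key name:\s*", show_output)[1:]:
        name = block.splitlines()[0].strip()
        # Key Data runs until the next "%" status line or the end of the output.
        hexdata = block.split("Key Data:", 1)[1].split("%", 1)[0]
        bits = modulus_bits(bytes.fromhex("".join(hexdata.split())))
        results.append((name, bits, bits >= min_bits))
    return results

# Sample input: the two keys from the output shown in this post, trimmed.
SAMPLE = """\
Key name: R1.SSH-LAB
 Key Data:
  305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00A845F2 99A0B9D0
  B663F008 435F3C6A AF7F53D7 9CDEB6B9 3389F2D2 EB5852D7 DB21FAA7 8D9BA489
  CA71E6C5 BD00087D BBE2C833 C8172E57 58E1A6F3 BC58A5F2 91020301 0001
% Key pair was generated at: 00:14:37 UTC Mar 1 1993
Key name: R1.SSH-LAB.server
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B0CA71 FC7EF3BC
  702FBE93 5CCAA2E9 866F5642 3FD3E12B 566BF63A 72967FF7 BE73EBA5 1DC109A8
  F544DA83 87B938DD 61D0FECE 55ACBD86 2FEAF66A 9E5526C8 2E53B9D5 63814B6B
  5D3F8F72 ECAA8FA8 952DC75F 2F21C857 FB4358C4 9287F907 B1020301 0001
"""
```

Calling `audit(SAMPLE)` reports a 512-bit general purpose key and a 768-bit server key, both below the assumed floor.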







