1) You MUST set a host namehostname ciscolab
2) You MUST set a ip domain nameip domain-name mydomain.com
3) You MUST enable aaa new-model OR set “login local” under vty configuration but not just “login”aaa new-model
4) You MUST create a userusername sshtest password 0 sshpass
5) You MUST generate RSA keyscrypto key generate rsa
if you have RSA keys before you will receive a message, type yes% You already have RSA keys defined named ciscolab.mydomain.com.
% Do you really want to replace them? [yes/no]: yes
it will ask for modulus size, 1024 is fine (it depends your security needs)How many bits in the modulus [512]: 1024
6) You MUST set vty access method to all OR ssh (if you chose ssh telnet will be disabled)line vty 0 4
transport input ssh
Reference ::
http://cisco-network.com/hands-on/ssh-cisco/
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#diagram
No comments:
Post a Comment