SSH
November 28th, 2008 in CCIE, IP and IOS Features | tags: SSH
In the previous post we configured an IPSEC over GRE tunnel with crypto maps. In this post I will talk about how to set up SSH on a router. Since I configured a cool network in the previous post, I am going to use the same topology to set up SSH.
What we want to achieve is to be able to connect via SSH from router R5 over the IPSEC over GRE tunnel to router R4. We also want router R5 to use its loopback interface 5.5.5.5/32 to initiate the SSH session. The username will be chris, the password will be cisco, and the domain name will be iplogic.nl.
The diagram below shows the network used (it is the same as in the previous two posts):

For the routing :
R3 :
ip route 4.4.4.4 255.255.255.255 Tunnel10
ip route 5.5.5.5 255.255.255.255 172.16.3.5
R1 :
ip route 4.4.4.4 255.255.255.255 172.16.1.4
ip route 5.5.5.5 255.255.255.255 Tunnel10
First let’s configure router R4 so it can handle SSH sessions. We have to configure a domain name and a username/password to be able to use SSH.
R4 :
R4(config)#ip domain-name iplogic.nl
R4(config)#crypto key generate rsa
The name for the keys will be: R4.iplogic.nl
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit RSA keys ...[OK]
R4(config)#
*Mar 1 00:08:40.751: %SSH-5-ENABLED: SSH 1.99 has been enabled
R4(config)#
R4(config)#access-list 1 permit 5.5.5.5 log
R4(config)#access-list 1 deny any log
R4(config)#username chris privilege 15 password cisco
R4(config)#line vty 0 181
R4(config-line)#login local
R4(config-line)#transport input ssh
R4(config-line)#transport output none
R4(config-line)#access-class 1 in
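
The R4 session above accepts the default 512-bit RSA modulus, creates the user with "password" rather than "secret", and its "SSH 1.99" log line means SSHv1 clients are still accepted (IOS pins version 2 with "ip ssh version 2"). The Python audit below is an added example, not part of the original post, that flags those settings in a captured session. The function name, finding codes and 2048-bit threshold are assumptions, and the input is the R4 session trimmed to the relevant lines.

```python
import re

MIN_RSA_BITS = 2048  # assumed policy threshold; the key prompt above allows up to 2048

# Constructed input: the R4 session from this post, trimmed to the relevant lines.
R4_SESSION = """\
R4(config)#crypto key generate rsa
% Generating 512 bit RSA keys ...[OK]
*Mar 1 00:08:40.751: %SSH-5-ENABLED: SSH 1.99 has been enabled
R4(config)#username chris privilege 15 password cisco
R4(config)#line vty 0 181
R4(config-line)#login local
R4(config-line)#transport input ssh
R4(config-line)#transport output none
R4(config-line)#access-class 1 in
"""

def audit_ssh_session(text):
    """Return sorted finding codes (hypothetical names) for an IOS SSH setup transcript."""
    findings, vty, in_vty = set(), [], False
    raws = text.splitlines()
    # Drop the "R4(config)#" / "R4(config-line)#" prompt and keep the command.
    cmds = [re.sub(r"^\S+?\(config[^)]*\)#", "", ln).strip() for ln in raws]
    for raw, cmd in zip(raws, cmds):
        m = re.search(r"Generating (\d+) bit RSA keys", cmd)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.add("weak-rsa-modulus")
        # "password" keeps the credential recoverable; "secret" stores a hash.
        if re.match(r"username \S+ (privilege \d+ )?password\b", cmd):
            findings.add("username-password-not-secret")
        # Track which commands were entered under "line vty ...".
        if cmd.startswith("line "):
            in_vty = cmd.startswith("line vty")
        elif in_vty and "(config-line)#" in raw:
            vty.append(cmd)
    # SSH 1.99 means SSHv1 clients are still accepted unless version 2 is pinned.
    if any("SSH 1.99 has been enabled" in c for c in cmds) and "ip ssh version 2" not in cmds:
        findings.add("sshv1-accepted")
    if vty and "transport input ssh" not in vty:
        findings.add("vty-not-ssh-only")
    if vty and not any(re.match(r"access-class \S+ in$", c) for c in vty):
        findings.add("vty-no-access-class")
    return sorted(findings)

if __name__ == "__main__":
    print(audit_ssh_session(R4_SESSION))
```

The vty checks pass for R4 as configured: SSH is the only inbound transport and access-class 1 limits sessions to 5.5.5.5.
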
Now let’s configure router R5 :
R5 :
R5(config)#ip domain-name iplogic.nl
R5(config)#crypto key generate rsa
The name for the keys will be: R5.iplogic.nl
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit RSA keys ...[OK]
R5(config)#
R5(config)#
*Mar 1 00:09:40.467: %SSH-5-ENABLED: SSH 1.99 has been enabled
R5(config)#
R5(config)#ip ssh source-interface lo 0
Now let’s try and see if it works :
R5 :
R5#ssh -l chris 4.4.4.4
Password:
R4#