[fusion_text]How to configure ssh and user accounts on most Cisco IOS devices:
[/fusion_text][separator style_type=”none” top_margin=”5″ bottom_margin=”” sep_color=”” border_size=”” icon=”” icon_circle=”” icon_circle_color=”” width=”” alignment=”center” class=”” id=””]
Go to global configuration:
Shell
1 2 | Linuxsource-Router> en Linuxsource-Router# conf t |
Set the domain:
Shell
1 | Linuxsource-Router(config)# ip domain-name linuxsource.nl |
Then create a stong key with 2048 bits:
Shell
1 2 3 4 5 6 7 8 9 10 11 | Linuxsource-Router(config)# crypto key generate rsa The name for the keys will be: Linuxsource-Router.linuxsource.nl Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 2048 % Generating 2048 bit RSA keys, keys will be non-exportable...[OK] |
Enable ssh on de the device (do not use the older version 1:
Shell
1 | Linuxsource-Router(config)# ip ssh version 2 |
Then create a local user account with encrypted password!
Shell
1 | Linuxsource-Router(config)# username sander secret cisco |
For creating a user with an unencrypted password, use:
Shell
1 | Linuxsource-Router(config)# username sander password cisco |
Allowing telnet and/or ssh to the device:
Shell
1 2 | Linuxsource-Router(config)# line vty 0 15 Linuxsource-Router(config-line)# transport input telnet ssh |
Don’t forget to define the login method to use the local user database
Shell
1 2 | Linuxsource-Router(config-line)# login local Linuxsource-Router(config-line)# end |
save the configuration:
Shell
1 | Linuxsource-Router(config)# copy running-config startup-config |
Done!