Connect to the switch or router using the console cable. Go to privileged EXEC mode and then global configuration mode.

```
switch> enable
switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)#
```
Before creating the keys, set the hostname and domain name first, because the key pair is named after them. You can do this as follows:

```
switch(config)# hostname Switch1
Switch1(config)# ip domain-name linuxsource.nl
Switch1(config)#
```
Then generate the keys to enable SSH for local and remote authentication:

```
Switch1(config)# crypto key generate rsa
The name for the keys will be: Switch1.linuxsource.nl
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 2048   <---- Choose the value you want (the higher the slower :)
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]

Switch1(config)#
```
Then specify the time-out (in seconds) and the number of authentication retries:

```
Switch1(config)# ip ssh time-out 30
Switch1(config)# ip ssh authentication-retries 3
```
Restrict access to the switch/router to SSH only, so that Telnet is not used:

```
Switch1(config)# line vty 0 4
Switch1(config-line)# transport input ssh
Switch1(config-line)#
```
Save your configuration!

```
Switch1(config-line)# do wr
Building configuration...
[OK]
Switch1(config-line)#
```
Done!
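To verify the result, the following Python sketch audits a saved running-config for the settings configured in the steps above and reports any vty range that is not restricted to SSH. It is an added example, not part of the original tutorial; the config excerpt (including its `line vty 5 15` block) is constructed, and the names `REQUIRED` and `audit_ssh_config` are hypothetical.

```python
import re

# Constructed running-config excerpt: vty 0-4 was hardened, a second vty range was not.
SAMPLE_CONFIG = """\
hostname Switch1
ip domain-name linuxsource.nl
ip ssh time-out 30
ip ssh authentication-retries 3
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 login
!
end
"""
# Global commands from the tutorial that must be present (hypothetical helper table).
REQUIRED = {
    "hostname": r"^hostname \S+",
    "ip domain-name": r"^ip domain-name \S+",
    "ip ssh time-out": r"^ip ssh time-out \d+",
    "ip ssh authentication-retries": r"^ip ssh authentication-retries \d+",
}

def audit_ssh_config(config: str) -> list[str]:
    """Return findings for the SSH settings this tutorial configures."""
    findings = [f"missing: {name}" for name, pattern in REQUIRED.items()
                if not re.search(pattern, config, re.MULTILINE)]
    # Collect the sub-commands of each "line vty" block (indented by one space).
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty "):
            current = line.strip()
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None
    if not blocks:
        findings.append("missing: line vty")
    for header, body in blocks.items():
        transports = [cmd for cmd in body if cmd.startswith("transport input ")]
        # Only an explicit, sole "transport input ssh" counts as SSH-only.
        if transports != ["transport input ssh"]:
            findings.append(f"{header}: transport input is not restricted to ssh")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh_config(SAMPLE_CONFIG)))
```

On the constructed sample it reports only the `line vty 5 15` block, which `line vty 0 4` does not cover.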