Example 5-10 Configuring SSH Using Host and Domain Names

Router1#configure terminal
Router1(config)#hostname Router-ssh
Router-ssh(config)#ip domain-name mycompany.com
Router-ssh(config)#crypto key generate rsa

The name for the keys will be: Router-ssh.mycompany.com

Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [512] : 768
% Generating 768 bit RSA keys ...[OK]
Router-ssh(config)#

Router-ssh(config)#ip ssh time-out 60
Router-ssh(config)#ip ssh version 2

Configuring a Router for SSHv2 Using RSA Key Pairs

You can also enable SSH using an RSA key pair name. (RSA is named for its inventors: Rivest, Shamir, and Adleman.) Cisco IOS routers might have many RSA key pairs. The key pair used for SSH must be specified during the SSH configuration.

To enable SSH support via RSA key pairs on a Cisco IOS router or switch, follow these steps:

Step 1. Specify the RSA key pair to be used for SSH via the ip ssh rsa keypair-name keypair-name global configuration command.

Step 2. Generate encryption keys for local and remote authentication using the crypto key generate rsa usage-keys label key-label modulus modulus-size global configuration command. Modulus size must be 768 bits for SSH.

Step 3. If desired, configure SSH control variables via the ip ssh {timeout seconds | authentication-retries integer} global configuration command.

Step 4. Specify the version of SSH to run on the device using the ip ssh version {1 | 2} command. This is an optional command. If the version is not specified, SSH runs in compatibility mode, where both versions are supported.

Example 5-11 shows a sample configuration of SSH using RSA key pairs.
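The following audit script is an added example, not the book's Example 5-11 and not Cisco code. It reads a saved running-config and reports which RSA key pair SSH will use and whether the SSH version is pinned, covering both the host/domain-name method and the named key pair method above. The two sample configs, the key pair name sshkeys, and the function names are constructed for illustration.

```python
import re

# Constructed running-config fragments for illustration (not from the page).
NAMED_KEYPAIR = """\
hostname Router-ssh
ip domain-name mycompany.com
ip ssh rsa keypair-name sshkeys
ip ssh time-out 60
ip ssh version 2
"""
DEFAULT_KEYPAIR = """\
hostname Router-ssh
ip domain-name mycompany.com
ip ssh time-out 60
"""

def _first(config, pattern):
    """Return group 1 of the first config line fully matching pattern, else None."""
    for line in config.splitlines():
        m = re.fullmatch(pattern, line.strip())
        if m:
            return m.group(1)
    return None

def audit_ssh(config):
    """Report the RSA key pair SSH will use and whether SSHv1 is still accepted."""
    findings = []
    version = _first(config, r"ip ssh version ([12])")
    if version is None:
        findings.append("ip ssh version not set: compatibility mode, both versions supported")
    elif version == "1":
        findings.append("ip ssh version 1: SSHv2 is not in use")

    key_name = _first(config, r"ip ssh rsa keypair-name (\S+)")
    if key_name is None:
        # Without a named key pair, the keys are named hostname.domain-name.
        host = _first(config, r"hostname (\S+)")
        domain = _first(config, r"ip domain[- ]name (\S+)")
        if host and domain:
            key_name = f"{host}.{domain}"
            findings.append("no ip ssh rsa keypair-name: SSH key pair not specified explicitly")
        else:
            findings.append("no key pair name and hostname/domain name incomplete")
    return {"version": version, "key_name": key_name, "findings": findings}

if __name__ == "__main__":
    for name, cfg in (("named", NAMED_KEYPAIR), ("default", DEFAULT_KEYPAIR)):
        print(name, audit_ssh(cfg))
```

The modulus size is not visible in the running-config, so this check does not cover it; key details come from the device's key display output instead.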
