Configuring Secure Shell
Traditionally, network administrators have used Telnet to manage routers and
switches. The problem with Telnet, of course, is that it sends all traffic in
clear text, allowing attackers with access to the network to sniff passwords
and other sensitive information. You should use the encrypted SSH protocol
to manage network devices wherever possible. To configure SSH, complete
the following steps:
Step 1. Configure the domain name.
Step 2. Generate RSA keys.
Step 3. Optionally configure an SSH timeout interval and retry count.
Step 4. Disable Telnet.
Step 5. Enable SSH.
Example 5-7 demonstrates SSH configuration.
Example 5-7 Configuring SSH
R2(config)#ip domain-name test.com
R2(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: R2.test.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be nonexportable...[
OK]
*Dec 18 19:16:26.275: %SSH-5-ENABLED: SSH 1.99 has been enabled
R2(config)#ip ssh time-out 10
R2(config)#ip ssh authentication-retries 3
R2(config-line)#line vty 0 4
R2(config-line)#transport input none
R2(config-line)#transport input ssh