由于密码和通讯都是明文的

Choose the size of the key modulus in the range of 360 to 2048 for your
ip access-list standard forssh-----------------------------------------定义SSH登陆源地址
transport input ssh--------------------------------------------------设置线路登陆模式为SSH

hostname Router1
login local
% Generating 1024 bit RSA keys ...[OK]

ip access-list standard forssh

 

ip domain-name runway.cn.net

How many bits in the modulus [512]: 1024-------------------------------指定1024位秘钥

username sshuser secret sshpassword
ip ssh time-out 30
access-class forssh in-----------------------------------------------应用访问列表

% Generating 1024 bit RSA keys ...[OK]

no ip ssh version------------------------------------------------------启用SSH V1 V2

使用telnet进行远程设备维护的时候，由于密码和通讯都是明文的，易受sniffer侦听，所以应采用SSH替代telnet。SSH (Secure Shell)服务使用tcp 22 端口，客户端软件发起连接请求后从服务器接受公钥，协商加密方法，成功后所有的通讯都是加密的。Cisco 设备目前支持SSH v1、v2,目前几乎所有cisco路由交换产品均支持SSH但要求IOS版本支持安全特性。Cisco实现 SSH的目的在于提供较安全的设备管理连接，不适用于主机到主机的通讯加密。 SSH协议要在12.1(11)以上的IOS版本才被cisco设备支持的.

a few minutes.

login authentication ssh---------------------------------------------指定验证登陆用户信息存储的地方
no ip ssh version
exec-timeout 30------------------------------------------------------设置线路登陆超时值
General Purpose Keys. Choosing a key modulus greater than 512 may take
transport input ssh
a few minutes.

ip domain-name runway.cn.net-------------------------------------------设置域名
General Purpose Keys. Choosing a key modulus greater than 512 may take
The name for the keys will be: Router1.runway.cn.net
aaa authentication login ssh local line none---------------------------设定SSH登陆信息存储地方
crypto key generate rsa
line vty 0 4
permit any
exec-timeout 30
permit any
Choose the size of the key modulus in the range of 360 to 2048 for your
ip ssh time-out 30-----------------------------------------------------设定SSH超时值
aaa new-modle----------------------------------------------------------启用AAA服务
line vty 0 4

1、启用AAA的SSH配置：
access-class forssh in

 

The name for the keys will be: Router1.runway.cn.net

username sshuser secret sshpassword------------------------------------指定SSH登陆用户名和密码

How many bits in the modulus [512]: 1024
crypto key generate rsa------------------------------------------------生成秘钥

2、不启用AAA的SSH配置