由于密碼和通訊都是明文的
發(fā)布時(shí)間:2021-08-01 00:14
來(lái)源:網(wǎng)絡(luò )整理
閱讀:98
作者:thief8310
欄目: 云計算
歡迎投稿:712375056
Choose the size of the key modulus in the range of 360 to 2048 for your
ip access-list standard forssh-----------------------------------------定義SSH登陸源地址
transport input ssh--------------------------------------------------設置線(xiàn)路登陸模式為SSH
hostname Router1
login local
% Generating 1024 bit RSA keys ...[OK]
ip access-list standard forssh
ip domain-name runway.cn.net
How many bits in the modulus [512]: 1024-------------------------------指定1024位秘鑰
username sshuser secret sshpassword
ip ssh time-out 30
access-class forssh in-----------------------------------------------應用訪(fǎng)問(wèn)列表
% Generating 1024 bit RSA keys ...[OK]no ip ssh version------------------------------------------------------啟用SSH V1 V2
使用telnet進(jìn)行遠程設備維護的時(shí)候�����,由于密碼和通訊都是明文的�,易受sniffer偵聽(tīng)�����,所以應采用SSH替代telnet�。SSH (Secure Shell)服務(wù)使用tcp 22 端口�����,客戶(hù)端軟件發(fā)起連接請求后從服務(wù)器接受公鑰����,協(xié)商加密方法�,成功后所有的通訊都是加密的���。Cisco 設備目前支持SSH v1�、v2,目前幾乎所有cisco路由交換產(chǎn)品均支持SSH但要求IOS版本支持安全特性�。Cisco實(shí)現 SSH的目的在于提供較安全的設備管理連接�,不適用于主機到主機的通訊加密�。 SSH協(xié)議要在12.1(11)以上的IOS版本才被cisco設備支持的.
a few minutes.login authentication ssh---------------------------------------------指定驗證登陸用戶(hù)信息存儲的地方
no ip ssh version
exec-timeout 30------------------------------------------------------設置線(xiàn)路登陸超時(shí)值
General Purpose Keys. Choosing a key modulus greater than 512 may take
transport input ssh
a few minutes.ip domain-name runway.cn.net-------------------------------------------設置
域名General Purpose Keys. Choosing a key modulus greater than 512 may take
The name for the keys will be: Router1.runway.cn.net
aaa authentication login ssh local line none---------------------------設定SSH登陸信息存儲地方
crypto key generate rsa
line vty 0 4
permit any
exec-timeout 30
permit any
Choose the size of the key modulus in the range of 360 to 2048 for your
ip ssh time-out 30-----------------------------------------------------設定SSH超時(shí)值
aaa new-modle----------------------------------------------------------啟用AAA服務(wù)
line vty 0 4
1����、啟用AAA的SSH配置:
access-class forssh in
The name for the keys will be: Router1.runway.cn.net
username sshuser secret sshpassword------------------------------------指定SSH登陸用戶(hù)名和密碼
How many bits in the modulus [512]: 1024
crypto key generate rsa------------------------------------------------生成秘鑰
2����、不啟用AAA的SSH配置
