SSH Cisco IOS
Latest revision as of 09:46, 1 October 2013
Prerequisites
The SSH Version 2 server is supported in Cisco IOS Release 12.3(4)T, 12.3(2)XE, 12.2(25)S, and 12.3(7)JA.
The configuration for the SSH Version 2 server is similar to the configuration for SSH Version 1. The ip ssh version command was introduced so that you can define which version of SSH to run. If you do not configure this command, SSH runs in compatibility mode by default; that is, both SSH Version 1 and SSH Version 2 connections are honored.[1] (Cisco, Secure Shell Version 2 Support: http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_shell_v2.html)
SSH Version 1 is a protocol that was never defined in a standard. If you do not want your router to fall back to the undefined protocol (Version 1), configure ip ssh version 2 explicitly.
On IOS releases before 15, show ip ssh reports "version 1.99" as long as no version is configured. 1.99 is not a protocol version with features missing; it is the identification string RFC 4253 has a server advertise when it accepts both Version 1 and Version 2 connections, i.e. the compatibility mode described above. Once ip ssh version 2 is set the router advertises 2.0 only, and a Version 1 client is refused.
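What that 1.99 banner means in practice, as an added example in Python that is not part of the original page: a client-side parser for the RFC 4253 identification line that classifies the server mode and decides which version to negotiate. The sample banners are constructed for this example; the Cisco-1.25 software string is illustrative, not a capture.

```python
"""Classify an SSH server identification string (RFC 4253 section 4.2).

Added example, not from the original page or from Cisco. Shows why an IOS
router in compatibility mode advertises 'SSH-1.99' and what a v2-capable
client does with it. Sample banners below are constructed.
"""
import re

# RFC 4253 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_BANNER_RE = re.compile(r"^SSH-(?P<proto>[^-]+)-(?P<software>\S+)(?: (?P<comment>.*))?$")


def parse_identification(raw: bytes) -> dict:
    """Return proto/software/comment of the first SSH-... line.

    Servers may send other lines (e.g. a login banner) before the
    identification line; RFC 4253 tells clients to skip them.
    """
    for line in raw.decode("ascii", errors="replace").splitlines():
        m = _BANNER_RE.match(line.rstrip("\r"))
        if m:
            return m.groupdict()
    raise ValueError("no SSH identification line found")


def classify(proto: str) -> str:
    """Map the protoversion field to the server's mode.

    '1.99' is not a protocol revision: RFC 4253 5.1 has a server that accepts
    both SSH-1 and SSH-2 advertise 1.99 so old clients still connect.
    """
    if proto == "2.0":
        return "v2-only"
    if proto == "1.99":
        return "compat (v1 and v2)"
    if proto.startswith("1."):
        return "v1-only"
    return "unknown"


def choose_version(server_proto: str, client_allows_v1: bool = False) -> str:
    """What a v2-capable client should negotiate after reading the banner."""
    mode = classify(server_proto)
    if mode in ("v2-only", "compat (v1 and v2)"):
        return "2.0"          # always pick SSH-2 against a 1.99 server
    if mode == "v1-only" and client_allows_v1:
        return server_proto   # only if v1 is explicitly permitted (it should not be)
    return "refuse"


# Constructed sample banners; the software string is illustrative.
SAMPLES = {
    "compat":   b"SSH-1.99-Cisco-1.25\r\n",   # IOS with no 'ip ssh version 2'
    "v2only":   b"SSH-2.0-Cisco-1.25\r\n",    # IOS after 'ip ssh version 2'
    "v1only":   b"SSH-1.5-Cisco-1.25\r\n",    # IOS with 'ip ssh version 1'
    "prelines": b"Unauthorized access prohibited\r\nSSH-2.0-Cisco-1.25\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        ident = parse_identification(raw)
        print(f"{name:9} proto={ident['proto']:5} {classify(ident['proto']):20} -> {choose_version(ident['proto'])}")
```

Pointing a real client at the router, the first line it receives is exactly what parse_identification consumes, so the same classification can be run over `nc router 22` output to confirm that ip ssh version 2 took effect.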
Restrictions for Secure Shell Version 2 Support
- SSH servers and SSH clients are supported in 3DES software images.
- Execution Shell, remote command execution, and SCP are the only applications supported.
- Rivest, Shamir, and Adleman (RSA) key generation is an SSH server-side requirement. Routers that act only as SSH clients need not generate RSA keys.
- The RSA key pair size must be greater than or equal to 768 bits. That is the floor the software accepts, not a safe size: RSA-768 has been factored publicly, so generate 2048-bit keys (the example below uses 1024, the older minimum many guides copy).
- The following functionality is not supported:
- Port forwarding
- Compression
Example of configuration
! Entered in global configuration mode; hostname and ip domain-name must exist
! first. 1024 bits clears the 768-bit floor above, but 2048 is the size to use today.
crypto key generate rsa general-keys modulus 1024
!
hostname R1
!
! Type 0 password: service password-encryption below only turns it into a
! reversible type 7 string. "username admin secret ..." stores an irreversible hash.
username admin password 0 l8heise
!
ip domain-name TSHOOT.HOT
!
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
aaa session-id common
!
enable secret cisco
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
! Leave compatibility mode so SSH Version 1 is never negotiated.
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
! source-interface applies to SSH sessions the router itself initiates as a client.
ip ssh source-interface Loopback0
ip ssh logging events
!
! Only SSH on the vty lines; telnet is refused.
line vty 0 4
 transport input ssh
!
! Console bypasses authentication (CONSOLE list = none); acceptable only in a lab.
line con 0
 login authentication CONSOLE
!
service password-encryption
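To turn the recommendations on this page into a repeatable check, here is an added Python audit (not code from the page or from Cisco). It takes the example configuration above, reproduced as a constructed string, flags the settings a reviewer would raise (compatibility mode, a short RSA modulus, a reversible username password, missing hostname or domain name, unrestricted vty transport) and shows that an assumed hardened variant passes clean. The 2048-bit and three-retry thresholds are the author's choices, not values the page states.

```python
"""Audit a Cisco IOS configuration for weak SSH-related settings.

Added example, not code from the original page or from Cisco. WEAK_CONFIG is
the page's example configuration reproduced as constructed sample input;
HARDENED_CONFIG is an assumed tightened variant. MIN_MODULUS and MAX_RETRIES
are the author's thresholds, not values the page states.
"""
import re

WEAK_CONFIG = """\
crypto key generate rsa general-keys modulus 1024
hostname R1
username admin password 0 l8heise
ip domain-name TSHOOT.HOT
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
aaa session-id common
enable secret cisco
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface Loopback0
ip ssh logging events
line vty 0 4
 transport input ssh
line con 0
 login authentication CONSOLE
service password-encryption
"""

# Assumed hardened variant: explicit v2, 2048-bit key, irreversible user secret.
HARDENED_CONFIG = (
    WEAK_CONFIG.replace("modulus 1024", "modulus 2048")
    .replace("username admin password 0 l8heise", "username admin secret l8heise")
    .replace("ip ssh time-out 60", "ip ssh version 2\nip ssh time-out 60")
)

MIN_MODULUS = 2048   # 768 is the IOS floor; RSA-768 has been factored publicly
MAX_RETRIES = 3      # IOS default; keep it low to slow down password guessing


def audit(config: str) -> list:
    """Return a list of human-readable findings; an empty list means clean."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    findings = []

    # Without 'ip ssh version 2' the server honours SSH-1 as well (compat mode).
    if "ip ssh version 2" not in lines:
        findings.append("ip ssh version 2 not set: SSH-1 connections are still honored")

    # RSA key generation needs hostname and domain-name; the modulus sets key strength.
    if not any(ln.startswith("hostname ") for ln in lines):
        findings.append("no hostname: crypto key generate rsa will fail")
    if not any(ln.startswith("ip domain-name ") for ln in lines):
        findings.append("no ip domain-name: crypto key generate rsa will fail")
    for ln in lines:
        m = re.match(r"crypto key generate rsa\b.*\bmodulus (\d+)", ln)
        if m and int(m.group(1)) < MIN_MODULUS:
            findings.append(f"RSA modulus {m.group(1)} below {MIN_MODULUS}")
        # 'password' (type 0/7) stays reversible even with service password-encryption.
        m = re.match(r"username (\S+) password\b", ln)
        if m:
            findings.append(f"username {m.group(1)} uses reversible 'password'; use 'secret'")
        m = re.match(r"ip ssh authentication-retries (\d+)", ln)
        if m and int(m.group(1)) > MAX_RETRIES:
            findings.append(f"authentication-retries {m.group(1)} above {MAX_RETRIES}")

    # Every 'line vty' block must restrict transport input to ssh (no telnet).
    in_vty, transport = False, None
    for ln in lines + ["end"]:          # sentinel closes the last block
        if not ln.startswith(" "):
            if in_vty:
                if transport is None:
                    findings.append("line vty: no 'transport input ssh' restriction")
                elif transport != "ssh":
                    findings.append(f"line vty: transport input {transport} allows non-SSH access")
            in_vty, transport = ln.startswith("line vty"), None
        elif in_vty:
            m = re.match(r"\s*transport input (.+)", ln)
            if m:
                transport = m.group(1).strip()
    return findings


if __name__ == "__main__":
    for name, cfg in (("page example", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for f in result:
            print("  -", f)
```

On the page's example the audit reports three findings (no ip ssh version 2, a 1024-bit modulus, and a type 0 username password); the hardened variant reports none. In practice you would feed it the text of show running-config instead of the embedded string.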