Using the SSH protocol to access Cisco devices

Author: 100test  Published: 2007:11:14 12:12:08
Source: 100Test.Com (百考试题网)


Cisco devices support the SSH protocol only on IOS version 12.1(11) or later. Check the IOS version:

Router#show version
Cisco IOS Software, 3600 Software (C3640-JS-M), Version 12.4(10), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 16-Aug-06 04:04 by prod_rel_team
ROM: ROMMON Emulation Microcode
ROM: 3600 Software (C3640-JS-M), Version 12.4(10), RELEASE SOFTWARE (fc1)
Router uptime is 11 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System restarted at 19:05:39 UTC Wed Oct 24 2007
System image file is "tftp://255.255.255.255/unknown"
Cisco 3640 (R4700) processor (revision 0xFF) with 124928K/6144K bytes of memory.
Processor board ID 00000000
R4700 CPU at 100MHz, Implementation 33, Rev 1.2
1 FastEthernet interface
4 Serial interfaces
DRAM configuration is 64 bits wide with parity enabled.
125K bytes of NVRAM.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Now configure SSH:

ssh(config)#hostname ssh
ssh(config)#ip domain-name eric.com
ssh(config)#aaa new-model
ssh(config)#username eric86 password eric86
ssh(config)#crypto key generate rsa modulus 2048
The name for the keys will be: ssh.eric.com
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
ssh(config)#line vty 0 15
ssh(config-line)#transport input ssh
ssh(config-line)#exit
*Oct 24 19:26:06.595: %SSH-5-ENABLED: SSH 1.99 has been enabled

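For security reasons, SSH should be enabled and Telnet disabled on an enterprise's Cisco network products. Telnet transmits passwords in cleartext, whereas SSH does not, and SSH can be used together with authentication methods such as RADIUS and TACACS. This greatly improves the security of Cisco devices. The task is simple, but the details decide everything.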
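To check those details on a saved configuration, the following added example (not part of the original article) audits IOS running-config text for vty lines that still accept Telnet, for `username ... password` entries, and for a missing `ip ssh version 2` (the "SSH 1.99" log line above means SSHv1 clients are still accepted). The function name `audit_ssh_config` and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample (not from the page): a running-config fragment like the
# setup above, plus one vty range that still accepts Telnet.
SAMPLE_CONFIG = """\
hostname ssh
ip domain-name eric.com
aaa new-model
username eric86 password 0 eric86
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit_ssh_config(config):
    """Return a list of remote-access findings for an IOS config text."""
    findings = []
    lines = config.splitlines()
    # "SSH 1.99" in the log means SSHv1 clients are still accepted.
    if not any(l.strip() == "ip ssh version 2" for l in lines):
        findings.append("ssh: 'ip ssh version 2' not set, SSHv1 still accepted")
    # 'username X password' keeps the password cleartext or reversible (type 7).
    for l in lines:
        m = re.match(r"username (\S+) password\b", l.strip())
        if m:
            findings.append(f"user {m.group(1)}: 'password' used, prefer 'secret'")
    # Walk each 'line vty' block and record its 'transport input' protocols.
    current, transport = None, {}
    for l in lines:
        if not l.startswith(" "):
            m = re.match(r"line vty \d+(?: \d+)?", l)
            current = m.group(0) if m else None
            if current:
                transport[current] = None
        elif current and l.strip().startswith("transport input"):
            transport[current] = l.split()[2:]
    for block, protos in transport.items():
        if protos is None:
            findings.append(f"{block}: no 'transport input', platform default applies")
        elif protos != ["ssh"]:
            findings.append(f"{block}: allows {' '.join(protos)}, expected ssh only")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG):
        print(finding)
```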
