Hardware and Software Versions

The information in this document is based on the software version below.
Cisco IOS 3600 Software (C3640-IK9S-M), Version 12.2(2)T1
SSH was introduced into IOS platforms/images as shown below.
SSH Version 1.0 (SSHv1) server was introduced in some IOS platforms/images starting in 12.0.5.S.
SSH client was introduced in some IOS platforms/images starting in 12.1.3.T.
SSH terminal-line access (also known as reverse-telnet) was introduced in some IOS platforms/images starting in 12.2.2.T.

Testing Authentication Without SSH:

!--- aaa new-model causes the local username/password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
line vty 0 4
!--- Instead of aaa new-model, the login local command may be used.

Testing Authentication With SSH:

ip domain-name rtp.cisco.com
!--- Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
!--- Prevent non-SSH Telnets.
 transport input ssh

!--- Step 1: Configure hostname if you have not previously done so.
hostname carter
!--- aaa new-model causes the local username/password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name rtp.cisco.com
!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet has been disabled and only SSH is supported.
line vty 0 4
 transport input ssh
!--- Instead of aaa new-model, the login local command may be used.

Testing SSH

ssh -l cisco -c 3des 10.13.1.99

Adding SSH Terminal-Line Access

ip ssh port 2001 rotary 1
line 1 16
 no exec
 rotary 1
 transport input ssh
 exec-timeout 0 0
 modem InOut
 stopbits 1
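
A check for the steps above, as an added example that is not part of the original document: it reads a saved configuration and reports a missing hostname or domain name, usernames stored with a cleartext (type 0) password, and vty blocks that still accept anything other than SSH. It assumes the "show running-config" layout, where sub-commands are indented under their line block; the function names and the second vty block in the sample are invented for illustration.

```python
import re

# Constructed sample in "show running-config" layout (sub-commands indented).
# Values follow the document's example; the second vty block is invented.
SAMPLE_CONFIG = """\
hostname carter
aaa new-model
username cisco password 0 cisco
ip domain-name rtp.cisco.com
ip ssh time-out 60
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith(" ") and header:
            body.append(raw.strip())
            continue
        if header:
            yield header, body
        header, body = (raw.strip(), []) if raw.startswith("line vty") else (None, [])
    if header:
        yield header, body

def audit_ios_ssh(config):
    """Return a list of findings for the SSH setup steps in this document."""
    findings = []
    for key in ("hostname", "ip domain-name"):
        if not re.search(rf"^{key} \S+", config, re.M):
            findings.append(f"missing '{key}' (needed before RSA key generation)")
    for user in re.findall(r"^username (\S+) password 0 ", config, re.M):
        findings.append(f"user '{user}' has a cleartext (type 0) password")
    for header, body in vty_blocks(config):
        transports = [c.split()[2:] for c in body if c.startswith("transport input")]
        if not transports:
            findings.append(f"{header}: no 'transport input', Telnet is the default")
        elif transports[-1] != ["ssh"]:
            findings.append(f"{header}: allows {' '.join(transports[-1])}, not SSH only")
    return findings

if __name__ == "__main__":
    for finding in audit_ios_ssh(SAMPLE_CONFIG):
        print(finding)
```

The RSA key pair itself is not part of the running configuration, so key presence has to be confirmed on the router rather than from the saved file.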