Config SSH for Router

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Found a site in my network that was setup for SSH but allowing only telnet on the VTY with the command

transport input telnet



This was already in the config:

ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2


So I changed the input to SSH and test. Everything worked. Which was a relied since I was playing with fire. I did a reload in 10 minutes and saved the running config before I started testing. So I was pretty safe, but still playing with a small fire.

transport input ssh

SSH worked great! Whooo hoooo! Telnet was denied!!!! Whooo hooo my site is at least somewhat more safe against the evil hackers.

But...Cisco Documentation has two commands that I don't understand.

crypto key generate rsa
ip domain-name abccompany.com

Crypto key generate rsa seems pretty straight forward. You need to somehow generate a key for the ssh. But where does it go from the config after you enter it? My config doesn't have it in there.

And why do you have to belong to a domain if you are connecting with an ip address rather then going though DNS to get an ip address for a FQDN?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Found out that you need the domain to program the crypto key.
See below. I also need to configure a user account on the router. Which I need to explore some more.

ip ssh time-out 30
ip ssh authentication-retries 2


line vty 0 4
password cisco
login
transport input ssh

RouterA#sh ssh
%No SSH server connections running.

crypto key generate rsa

RouterA(config)#crypto key generate rsa
% Please define a domain-name first.

IP Domain-name lab.com

RouterA(config)#crypto key gen rsa
The name for the keys will be: RouterA.lab.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.


How many bits in the modulus [512]: 512
% Generating 512 bit RSA keys ...[OK]