Hardware and Software Versions
The information in this document is based on the software version below.
Cisco IOS 3600 Software (C3640-IK9S-M), Version 12.2(2)T1
SSH was introduced into IOS platforms/images as shown below.
SSH Version 1.0 (SSHv1) server was introduced in some IOS platforms/images starting in 12.0.5.S.
SSH client was introduced in some IOS platforms/images starting in 12.1.3.T.
SSH terminal-line access (also known as reverse-telnet) was introduced in some IOS platforms/images starting in 12.2.2.T.
Testing Authentication Without SSH:
!--- aaa new-model causes the local username/password on the router
!--- to be used in the absence of other aaa statements.
aaa new-model
username cisco password 0 cisco
line vty 0 4
!--- Instead of aaa new-model, the login local command may be used.
Testing Authentication With SSH:
ip domain-name rtp.cisco.com
!--- Generate an SSH key to be used with SSH.
cry key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
!--- Prevent non-SSH telnets.
transport input ssh
ssh
!--- Step 1: Configure hostname if you have not previously done so.
hostname carter
!--- aaa new-model causes the local username/password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name rtp.cisco.com
!--- Step 3: Generate an SSH key to be used with SSH.
cry key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet has been disabled and only SSH is supported.
line vty 0 4
transport input ssh
!--- Instead of aaa new-model, the login local command may be used.
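The following check is an added example, not part of the original document or of any Cisco tool: it reads a saved configuration as text and reports whether the four steps above are in place and whether every vty block is limited to SSH. The sample configuration (including the `line vty 5 15` block) is constructed for illustration, and `audit_ssh` is a hypothetical helper name.

```python
import re

# Constructed sample: the page's four-step configuration plus a hypothetical
# second vty range (5 15) that still accepts Telnet, so the audit has a finding.
SAMPLE_CONFIG = """\
hostname carter
aaa new-model
username cisco password 0 cisco
ip domain-name rtp.cisco.com
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit_ssh(config):
    """Return findings for IOS config text; indentation is ignored, so flattened listings parse too."""
    lines = [l.strip() for l in config.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]
    findings = []
    # Steps 1-2: the RSA key pair needs a hostname and a DNS domain.
    for required in ("hostname", "ip domain-name"):
        if not any(l.lower().startswith(required + " ") for l in lines):
            findings.append("missing " + required)
    # "password 0" keeps the password unencrypted in the configuration.
    for l in lines:
        m = re.match(r"username (\S+) password 0 ", l, re.I)
        if m:
            findings.append("cleartext password for user " + m.group(1))
    # Step 4: record the transport list of every "line vty" block.
    vty, current = {}, None
    for l in lines:
        low = l.lower()
        if low.startswith("line "):
            current = low if low.startswith("line vty ") else None
            if current:
                vty[current] = None
        elif current and low.startswith("transport input "):
            vty[current] = low.split()[2:]
    for name, transports in vty.items():
        if transports is None:
            findings.append(name + ": no transport input, default applies")
        elif transports != ["ssh"]:
            findings.append(name + ": transport input " + " ".join(transports))
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh(SAMPLE_CONFIG)))
```

A vty block reported with "default applies" falls back to the default transport, which this document states is Telnet.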
Testing SSH
ssh -l cisco -c 3des 10.13.1.99
Adding SSH Terminal-Line Access
ip ssh port 2001 rotary 1
line 1 16
no exec
rotary 1
transport input ssh
exec-timeout 0 0
modem InOut
stopbits 1