常见的思科路由器的telnet远程登录虽然很简单和普及,但是安全性很低,因为采用的是明文数据传输,没有经过加密。所以很多时候是采用SSH来进行登陆的,这样即使遇到sniffer抓取数据表,也不会泄露路由器密码和账户信息。本文重点就介绍cisco上配置ssh登录的方法。 enable configure terminal enable secret cisco service password-encryption 启用密码加密服务 aaa new-model aaa authentication login AAA_LOCAL local username sunchao secret cicso username cocoe secret cisco security passwords min-length 5 配置密码最小长度 hostname R1 ip domain-name sunchao.com crypto key generate rsa access-list 10 remark Hosts allowed to SSH access-list 10 permit host 192.168.1.1 access-list 10 permit host 192.168.1.2 R2(config)#line vty 0 4 R2(config-line)#logging synchronous R2(config-line)#exec-timeout 5 30 R2(config-line)#login authentication AAA_LOCAL R2(config-line)#transport input ssh R2(config-line)#access-class 10 in R2(config-line)#end ip ssh version 2 ip ssh timeout 30 (设置最大空闲定时器) ip ssh authentication-retries 2 (最大失败尝试次数) R1登陆 R1#ssh -l sunchao 192.168.1.1 Open Password: |
不良信息举报Q:2000617|Archiver|ROS软路由论坛 ROSABC.com 网络方案网络工程交流
GMT+8, 2025-8-20 22:42 , Processed in 0.051380 second(s), 16 queries .
Powered by Discuz! X3.4
Copyright © 2001-2021, Tencent Cloud.
