SSH Configuration
SSH is performed with IPv4 and IPv6 addresses.
IPv4 Address Configuration
Topology
Figure 4-4: SSH sample topology
Basic Configuration
#configure terminal | Enter configure mode |
(config)#ssh login-attempts 2 vrf management | Set the number of login attempts to 2 |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
Validation
#show ssh server
ssh server enabled port: 22
authentication-retries 2
#show running-config ssh server
feature ssh vrf management
ssh login-attempts 2 vrf management
SSH Client Session
When the device acts as an SSH client, it supports both SSH IPv4 sessions to log into the remote machine.
#ssh root@10.10.10.1 vrf management | Log into remote machine using an IPv4 address |
SSH Keys
Use the ssh key command to generate new RSA/DSA keys for the SSH server. By default, the system has RSA/DSA public/private key pair placed in /etc/ssh/. If you want to regenerate RSA keys, you must specify the force option.
Configuration
#ssh keygen host rsa vrf management | Specify the force option to regenerate SSH RSA keys. This option overwrites the existing key. |
Validation
#sh ssh key
****************RSA KEY********************
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMuVc0jpNgMyNzaqzIELX6LlsaK/1q7pBixmwHAGDsZm/dClTLb18AIB27W68YD8k0+Yw0LR0rHuPtNeSFMEsMaQxsaLkSi7yg86xSJaqgLQTyOUTS/OC9hreXkJ73ay
n0yXa8+bre0oyJq1NWxAI9B1jEhfSSAipoDSp/dmc93VJyV+3hgy1FMTAheyebQaUVeLBEMH7siRlSfyo7OHsBYSF6GzAmSuCm6PAelpHm/3L4gChcnPL+0outQOifCSLdUOXEZhTFXrzC61l+14LGt8pR6YN+2uEnU6kq1i
aDLEffIWK4dWCp67JUIef1BTOvxRurpssuRdslhJQXDFaj
bitcount: 2048 fingerprint: a4:23:5d:8a:5a:54:8b:3e:0b:38:06:79:82:e9:83:48
**************************************
****************DSA KEY********************
ssh-dsa AAAAB3NzaC1kc3MAAACBALpY6MFhFPYI+VcAHzHppnwVnNXv9oR/EGHUM50BBqdQE1Qi1mlt1rft4oa4tYR46P4gazKnnNfVE/97FwEbCZaXaz9Wzfcfa3ALtsvGdyNQQk2BebYiRnmeWnS3wGV0M/D64bAiV0
2p/LyF6D0ygMnZ3up3ttTN5QfHeyYQtwyzAAAAFQD+k6wQyr51IhXIQSsQD8by8qxjUwAAAIB0LxP3ljnfzxEXyEkNNzlxCcJ7ZZkFYUmtDJxRZlDceuSf4QipMrQVrdrgdqZNhrUiDWM/HaCMO9LdEQxfPh5TaIwPyccngn
VUS83Tx577ofBW6hellTey3B3/3I+FfiGKUXS/mZSyf5FW3swwyZwMkF0mV0SRCYTprnFt5qx8awAAAIEAjDNqMkyxUvB6JBqfo7zbGqXjBQmJ+dE8fGjI2znlgq4lhYcMZJVNwTiydDIgMVNFfKc1dAT3zr6qMZfGv56EbK
1qUu103K5CF44XfVkYNcHJV+/fcfAJasGU8W6oSbU5Q08abyMsIGRYTurOMkRhvif6sxvieEpVnVK2/nPVVXA=
bitcount: 1024 fingerprint: d9:7a:80:e0:76:48:20:72:a6:5b:1c:67:da:91:9f:52
**************************************
Note: The newly created rsa/dsa key can be verified by logging into the device from a remote machine and checking whether the newly created key's fingerprint matches with the logging session fingerprint.
IPv6 Address Configuration
SSH is performed with IPv6 IP and verified by logging in on remote PC.
Topology
Figure 4-5 shows the sample configuration of SSH.
Figure 4-5: SSH Configuration topology
DUT
#configure terminal | Enter configure mode |
(config)#ssh login-attempts 2 vrf management | Set the number of login attempts to 2 |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
Validation
#show ssh server ssh server
ssh server enabled port: 22
authentication-retries 2
#show running-config ssh server
feature ssh vrf management
ssh login-attempts 2 vrf management
SSH Client Session
When the device acts as an SSH client, it supports both SSH IPv6 sessions to log into the remote machine.
#ssh root@2001::1 vrf management | Log into remote machine using an IPv6 address |
SSH Keys
Use the SSH key command to generate new RSA/DSA keys for the SSH server. By default, the system has RSA/DSA public/private key pair placed in /etc/ssh/. If you want to regenerate RSA keys, you must specify the force option.
#ssh keygen host rsa vrf management | Specify the force option to regenerate SSH RSA keys. This option overwrites the existing key. |
Validation
#sh ssh key ****************RSA KEY********************
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMuVc0jpNgMyNzaqzIELX6LlsaK/ 1q7pBixmwHAGDsZm/ dClTLb18AIB27W68YD8k0+Yw0LR0rHuPtNeSFMEsMaQxsaLkSi7yg86xSJaqgLQTyOUTS/ OC9hreXkJ73ay n0yXa8+bre0oyJq1NWxAI9B1jEhfSSAipoDSp/ dmc93VJyV+3hgy1FMTAheyebQaUVeLBEMH7siRlSfyo7OHsBYSF6GzAmSuCm6PAelpHm/ 3L4gChcnPL+0outQOifCSLdUOXEZhTFXrzC61l+14LGt8pR6YN+2uEnU6kq1i aDLEffIWK4dWCp67JUIef1BTOvxRurpssuRdslhJQXDFaj bitcount: 2048 fingerprint: a4:23:5d:8a:5a:54:8b:3e:0b:38:06:79:82:e9:83:48 **************************************
****************DSA KEY********************
ssh-dsa AAAAB3NzaC1kc3MAAACBALpY6MFhFPYI+VcAHzHppnwVnNXv9oR/ EGHUM50BBqdQE1Qi1mlt1rft4oa4tYR46P4gazKnnNfVE/ 97FwEbCZaXaz9Wzfcfa3ALtsvGdyNQQk2BebYiRnmeWnS3wGV0M/D64bAiV0 2p/ LyF6D0ygMnZ3up3ttTN5QfHeyYQtwyzAAAAFQD+k6wQyr51IhXIQSsQD8by8qxjUwAAAIB0LxP3ljn fzxEXyEkNNzlxCcJ7ZZkFYUmtDJxRZlDceuSf4QipMrQVrdrgdqZNhrUiDWM/ HaCMO9LdEQxfPh5TaIwPyccngn VUS83Tx577ofBW6hellTey3B3/3I+FfiGKUXS/ mZSyf5FW3swwyZwMkF0mV0SRCYTprnFt5qx8awAAAIEAjDNqMkyxUvB6JBqfo7zbGqXjBQmJ+dE8fG jI2znlgq4lhYcMZJVNwTiydDIgMVNFfKc1dAT3zr6qMZfGv56EbK1qUu103K5CF44XfVkYNcHJV+/ fcfAJasGU8W6oSbU5Q08abyMsIGRYTurOMkRhvif6sxvieEpVnVK2/nPVVXA= bitcount: 1024 fingerprint: d9:7a:80:e0:76:48:20:72:a6:5b:1c:67:da:91:9f:52 **************************************
Last modified date: 10/19/2023