Cisco Configuration Memo

Stop displaying BGP community values in their raw decimal form. This command is far too easy to forget.

ip bgp-community new-format

Configure passwordless SSH login

Convert the key format

fold -b -w 72 ~/.ssh/id_rsa.pub

Get ready to copy the key material in the middle, between ssh-rsa and the trailing comment.

Configure the device

hostname Router-R1
crypto key generate rsa modulus 2048
ip ssh version 2
!
line vty 0 4
 transport input ssh
 login local
!
no ip ssh server authenticate user password
no ip ssh server authenticate user keyboard
!

Steps to import the key

Router-R1(config)#ip ssh pubkey-chain 
Router-R1(conf-ssh-pubkey)#username <username>
Router-R1(conf-ssh-pubkey-user)#key-string
Router-R1(conf-ssh-pubkey-data)#<paste the key>
Router-R1(conf-ssh-pubkey-data)#exit
Router-R1(conf-ssh-pubkey-user)#exit
Router-R1(conf-ssh-pubkey)#exit
Router-R1(config)# do wr

View the configuration

Router-R1#show running-config | begin pubkey   
ip ssh pubkey-chain
  username <username>
   key-hash ssh-rsa 8FB4F858DD7E5AFB372780EC653DB371
  quit
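
The conversion and verification steps above as a script. This is an added example, not code from the original post. The function names are hypothetical, and it assumes GNU coreutils and that the key-hash IOS displays is the MD5 fingerprint of the decoded key.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils
# (base64 -d, md5sum). Each function reads a public key line on stdin.

# Base64 body of the ssh-rsa line: the text between "ssh-rsa" and the comment.
key_body() {
    awk '$1 == "ssh-rsa" && NF >= 2 { print $2; found = 1; exit }
         END { exit !found }'
}

# Body wrapped at 72 bytes, ready to paste in conf-ssh-pubkey-data mode.
ios_key_string() {
    body=$(key_body) || return 1
    printf '%s\n' "$body" | fold -b -w 72
}

# MD5 of the decoded key blob in upper-case hex, the form of key-hash.
ios_key_hash() {
    body=$(key_body) || return 1
    printf '%s' "$body" | base64 -d | md5sum | awk '{ print toupper($1) }'
}

# $1 = key-hash copied from the router; succeeds only if it matches the
# key on stdin. An empty argument never matches.
ios_hash_matches() {
    [ -n "$1" ] &&
        [ "$(ios_key_hash)" = "$(printf '%s' "$1" | tr 'a-f' 'A-F')" ]
}

# Constructed placeholder (372 base64 characters, not a real RSA key).
sample_key() {
    awk 'BEGIN { printf "ssh-rsa "; for (i = 0; i < 93; i++) printf "QUJD"
                 print " user@example" }'
}

# With a file argument use that key, otherwise the constructed sample.
if [ "$#" -ge 1 ]; then src=$(cat "$1"); else src=$(sample_key); fi
printf '%s\n' "$src" | ios_key_string
printf 'expected key-hash: %s\n' "$(printf '%s\n' "$src" | ios_key_hash)"
```

Run it with the path to the .pub file as the only argument, then compare the printed value with the key-hash line in show running-config. A mismatch means the pasted key-string was truncated or altered.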

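These settings are rarely needed except when bringing up a new device, so they are easy to forget. This is only a memo.

Restrict logins on the vty lines with an allowlist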

ip access-list extended ssh-permit
 permit ip 10.11.80.0 0.0.1.255 any
!
line vty 0 4 
 access-class ssh-permit in

Configure Telnet

line vty 5 15
 access-class ssh-permit in
 login local
 transport input telnet

Original source: https://networklessons.com/uncategorized/ssh-public-key-authentication-cisco-ios