First prepare a USB flash drive formatted as FAT32.
Copy the bin, pkg, license and other files to the device.
enable
cd usb0:
dir
copy usb0:/XXXXX.SPA.bin bootflash:
copy usb0:/XXXXX.SPA.pkg bootflash:
copy usb0:/license.txt flash:
license smart reservation install file flash:license.txt
>conf t
#upgrade rom-monitor filename bootflash:XXXXX.SPA.pkg all
#no boot system flash bootflash:OLD_XXXXX.SPA.bin
#boot system flash bootflash:XXXXX.SPA.bin
#platform hardware throughput level 3500000
#do wr
#do show bootvar
#reload
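Smart Licensing: all versions from 16.9 up to the latest 17.X
Traditional licensing: 16.9 and lower versions
Newer versions use license smart; license files issued under the old scheme can no longer be used, so the newly issued license data has to be installed.
Stop using the decimal display of the raw community value; it is far too easy to forget.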
ip bgp-community new-format
Configure passwordless SSH login
Convert the key format
fold -b -w 72 ~/.ssh/id_rsa.pub
Extract and copy the key portion that sits between ssh-rsa and the trailing comment.
Start configuring the device
hostname Router-R1
crypto key generate rsa modulus 2048
ip ssh version 2
!
line vty 0 4
transport input ssh
login local
!
no ip ssh server authenticate user password
no ip ssh server authenticate user keyboard
!
Steps to import the key
Router-R1(config)#ip ssh pubkey-chain
Router-R1(conf-ssh-pubkey)#username <username>
Router-R1(conf-ssh-pubkey-user)#key-string
Router-R1(conf-ssh-pubkey-data)#<paste the key lines here>
Router-R1(conf-ssh-pubkey-data)#exit
Router-R1(conf-ssh-pubkey-user)#exit
Router-R1(conf-ssh-pubkey)#exit
Router-R1(config)# do wr
View the configuration
Router-R1#show running-config | begin pubkey
ip ssh pubkey-chain
username <username>
key-hash ssh-rsa 8FB4F858DD7E5AFB372780EC653DB371
quit
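These settings are rarely needed except when bringing up a new device and are easy to forget, so they are recorded here only as a memo.
Restrict login on the lines with an allowlist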
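An added example (not from the original notes or the linked article) that ties the fold step to the key-hash line in show running-config: IOS keeps the imported key as the MD5 of the decoded base64 blob, so the hash can be predicted on the workstation and compared with what the router reports. The function names and the sample key are constructed for illustration.

```bash
#!/bin/sh
# Added example. Function names and the sample key are constructed, not from the page.

# Constructed sample line in id_rsa.pub layout: type, base64 blob, comment.
# The 120-character blob is filler (not a real RSA key), long enough to wrap once.
SAMPLE_BLOB=$(awk 'BEGIN { for (i = 0; i < 30; i++) printf "QUFB"; print "" }')
SAMPLE_PUBKEY="ssh-rsa $SAMPLE_BLOB admin@workstation"

# Print only the base64 blob between "ssh-rsa" and the trailing comment.
pubkey_blob() {
    awk '$1 == "ssh-rsa" && NF >= 2 { print $2; exit }' "$1"
}

# Blob wrapped at 72 bytes: the lines to paste after "key-string".
ios_key_lines() {
    pubkey_blob "$1" | fold -b -w 72
}

# MD5 of the decoded blob in upper-case hex, the form of "key-hash ssh-rsa ...".
ios_key_hash() {
    blob=$(pubkey_blob "$1")
    [ -n "$blob" ] || return 1                        # no ssh-rsa key in the file
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1   # damaged blob
    printf '%s' "$blob" | base64 -d | md5sum | awk '{ print toupper($1) }'
}

# Succeeds only if the hash copied from the router matches the local key.
# Accepts the router form or the colon form printed by ssh-keygen -l -E md5.
verify_key_hash() {
    want=$(ios_key_hash "$1") || return 2
    got=$(printf '%s' "$2" | tr -d ': \r\n' | tr 'a-f' 'A-F')
    [ "$want" = "$got" ]
}

# Demo on the constructed key.
demo=$(mktemp)
printf '%s\n' "$SAMPLE_PUBKEY" > "$demo"
ios_key_lines "$demo"
echo "expected key-hash: $(ios_key_hash "$demo")"
rm -f "$demo"
```

A mismatch from verify_key_hash means the router holds a different key than the one on the workstation, for example because a line was lost while pasting.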
ip access-list extended ssh-permit
permit ip 10.11.80.0 0.0.1.255 any
!
line vty 0 4
access-class ssh-permit in
Configure Telnet
line vty 5 15
access-class ssh-permit in
login local
transport input telnet
Original source: https://networklessons.com/uncategorized/ssh-public-key-authentication-cisco-ios