https://blog.initialdraft.com/archives/2377/
Let’s imagine we are asked to configure Router1 to run SSH access using the port 2009.
As we already know, SSH uses TCP port 22 by default. So, how can we change the port that R1 uses to listen for SSH connections? There is a straightforward way to do it, with configuration only on R1. This feature is called SSH rotary.
Let’s see how to configure it. The first thing we have to do is generate the RSA key pair for the router with the command crypto key generate rsa. But before that, we need to configure the hostname and the domain name on the router, because the key is named after them:
router(config)# hostname R1
R1(config)# ip domain name cisco.com
R1(config)# crypto key generate rsa
The name for the keys will be: R1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys.
Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Once we have created the RSA key pair, we need to configure a username and password for accessing the router, and apply local authentication to the VTY lines:
R1(config)# username cisco password CISCO
R1(config)# line vty 0 4
R1(config-line)# login local
Now we will configure the router to expect SSH connections on port 2009. This is done with the command ip ssh port, which binds the port to a rotary group. Then that rotary group is applied to the VTY lines:
R1(config)# ip ssh port 2009 rotary 1
R1(config)# line vty 0 4
R1(config-line)# rotary 1
Let’s verify that the configuration is actually working by opening an SSH session to the router’s own address on port 2009 and then checking the TCP connection table:
R1#ssh -l cisco -p 2009 2.2.2.1
Password:
R1>sh tcp brief
TCB Local Address Foreign Address (state)
66CCF71C 2.2.2.1.18922 2.2.2.1.2009 ESTAB
66CCFC78 2.2.2.1.2009 2.2.2.1.18922 ESTAB
So here you have it: how to configure a router to be accessed via SSH on a non-default port.
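As an added example (not part of the original post), here is a small audit script that parses an IOS-style running-config and checks that the rotary port is wired up consistently: the global ip ssh port ... rotary command exists, every VTY line applies that rotary group (a VTY without it will not serve the port), and local login is present. It also flags two hardening points the post does not cover: username ... password (reversible) instead of username ... secret, and the absence of transport input ssh on the VTY lines. The sample config is constructed to mirror the R1 commands above and is not a real device dump.

```python
import re
# Constructed sample mirroring the R1 commands from the post (not a real device dump).
SAMPLE_CONFIG = """\
hostname R1
ip domain name cisco.com
username cisco password CISCO
ip ssh port 2009 rotary 1
line vty 0 4
 login local
 rotary 1
"""

def parse_ios(config):
    """Split an IOS config into global commands and 'line ...' sections."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:   # indented sub-command
            sections[current].append(cmd)
        elif cmd.startswith("line "):                       # start of a line section
            current, sections[cmd] = cmd, []
        else:                                               # global command
            current = None
            global_cmds.append(cmd)
    return global_cmds, sections

def audit_ssh_rotary(config):
    """Return findings; an empty list means the rotary port is wired up consistently."""
    findings, port, group = [], None, None
    global_cmds, sections = parse_ios(config)
    for cmd in global_cmds:
        m = re.fullmatch(r"ip ssh port (\d+) rotary (\d+)", cmd)
        if m:
            port, group = int(m.group(1)), int(m.group(2))
        if re.fullmatch(r"username \S+ password .*", cmd):
            findings.append(f"{cmd.split()[1]}: 'password' is reversible, prefer 'username ... secret'")
    if port is None:
        return findings + ["no 'ip ssh port <port> rotary <group>' command"]
    vtys = {n: c for n, c in sections.items() if n.startswith("line vty")}
    for name, cmds in vtys.items():
        if f"rotary {group}" not in cmds:
            findings.append(f"{name}: missing 'rotary {group}', port {port} is not served here")
        if "login local" not in cmds and not any(c.startswith("login authentication") for c in cmds):
            findings.append(f"{name}: no 'login local' (or AAA login), nobody can authenticate")
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: add 'transport input ssh' so telnet is not accepted too")
    return findings
```

Run audit_ssh_rotary(SAMPLE_CONFIG) to see the two hardening findings for the post’s configuration; feed it the output of show running-config from a lab device to check a real setup.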