Configuring SSH Access

yemaya
Sep 13, 2006
Hi Guys;

I want to set up SSH to access my router from the outside (Internet). I was looking on the Internet but I'm not completely sure; here is what I found:
Code:
There are four steps required to enable SSH support on an IOS router:

Configure the hostname command. 

Configure the DNS domain.

Generate the SSH key to be used.

Enable SSH transport support for the virtual type terminal (vtys).

Point #2: Configure the DNS domain

Can I use my ISP provider's DNS server, or can I use any fake DNS server like yemaya0000 dot com?

Can someone explain to me how to do this?

Thanks in advance.
 
You don't need to configure DNS lookups, just add a DNS domain name to your router:
Code:
ip domain-name somedomain.com

The router uses the hostname & domain name to create the RSA keys.

HTH

Andy
 
Hi ADB100;

Got it. The last question is: how can I connect to the router from my laptop that is outside my network? What I want to do is connect from outside to my network and remotely configure my router. I can use telnet but I want some level of security. Any recommendation? Does SSH do this job?

Thanks in advance.
 
SSH is fine, and if you configure the router to only accept SSH connections from your local network and your company's IP address, it will be very safe. I do this on my own firewall where my SSH sessions on the outside are only allowed from two subnets, one from my company's outside IP address and from the subnet range that Sprint uses locally for my EVDO card. That keeps the risk low.


MikeS


Home of the book "Network Security Using Linux"
 
Hi Guys;

Before I put everything in the router, I want to make sure that everything is correct, or do I have to do something else to set up SSH on the router?
Code:
Router(config)# hostname Router1
Router1(config)# ip domain-name abccompany.com
Router1(config)# crypto key generate rsa

Router1(config)# ip ssh time-out 30
Router1(config)# ip ssh authentication-retries 2

Router1(config)# line vty 0 4
Router1(config-line)# transport input ssh

Also, I have SecureCRT 5.2.2 and it supports SSHv1 and v2 to connect to the router. How do I know which version to use? I believe v2 is more secure.

Thanks in advance.
 
Hi Guys;

Before I put everything in the router, I want to make sure that everything is correct, or do I have to do something else to set up SSH on the router?
Code:
Router(config)# hostname Router1
Router1(config)# ip domain-name abccompany.com
Router1(config)# crypto key generate rsa

Router1(config)# ip ssh time-out 30
Router1(config)# ip ssh authentication-retries 2

Router1(config)# line vty 0 4
Router1(config-line)# transport input ssh

Also, I have SecureCRT 5.2.2 and it supports SSHv1 and v2 to connect to the router. How do I know which version to use? I believe v2 is more secure, right?

Thanks in advance.
 
Hi Guys,

Here is my final configuration for SSH. Is this configuration correct?

Code:
Router(config)# hostname Router1
Router1(config)# ip domain-name abccompany.com
Router1(config)# crypto key generate rsa

Router1(config)# ip ssh time-out 30
Router1(config)# ip ssh authentication-retries 2
Router1(config)# ip ssh version 2

Router1(config)# line vty 0 4
Router1(config-line)# privilege level 15
Router1(config-line)# password XXXXXXX
Router1(config-line)# login local
Router1(config-line)# terminal-type ssh
Router1(config-line)# transport preferred ssh
Router1(config-line)# transport input ssh
Router1(config-line)# transport output none
Router1(config-line)# access-class SSH in

ip access-list extended SSH
 permit tcp any any eq 22 log

Thanks in advance.
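
Added example (not posted by anyone in the thread): a small Python check that reads an IOS configuration and reports on the points discussed above, namely the hostname and domain name used for the RSA keys, `ip ssh version 2`, `transport input ssh` on the vty lines, and MikeS's advice to accept SSH only from known source addresses. The function names `blocks` and `audit` are hypothetical, and the sample input is the final configuration above rewritten as running-config lines.

```python
import re

# Constructed sample: the thread's final configuration as running-config lines.
SAMPLE = """\
hostname Router1
ip domain-name abccompany.com
ip ssh version 2
ip access-list extended SSH
 permit tcp any any eq 22 log
line vty 0 4
 login local
 transport input ssh
 access-class SSH in
"""

def blocks(config):
    """Map each top-level config line to the indented lines beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config):
    """Return findings for the SSH settings discussed in the thread."""
    cfg, findings = blocks(config), []
    for prefix in ("hostname ", "ip domain-name "):
        if not any(k.startswith(prefix) for k in cfg):
            findings.append(f"missing '{prefix.strip()}', used to name the RSA key")
    if "ip ssh version 2" not in cfg:
        findings.append("'ip ssh version 2' not set")
    for head, body in cfg.items():
        if not head.startswith("line vty"):
            continue
        if "transport input ssh" not in body:
            findings.append(f"{head}: input not limited to SSH")
        acl = next((l.split()[1] for l in body if re.match(r"access-class \S+ in", l)), None)
        rules = next((b for k, b in cfg.items()
                      if re.match(rf"ip access-list \w+ {re.escape(acl or '')}$", k)), [])
        if acl is None:
            findings.append(f"{head}: no inbound access-class")
        elif not rules or any(re.match(r"permit (tcp |ip )?any\b", r) for r in rules):
            findings.append(f"{head}: ACL {acl} is undefined or permits any source")
    return findings
```

Run against the sample, `audit(SAMPLE)` reports only the ACL: `permit tcp any any eq 22` matches every source, so the `access-class` does not narrow who can reach the vty lines.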
 