Implementing Secure Shell on Cisco IOS XR Software
Configuration Examples for Implementing Secure Shell
SC-208
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Troubleshooting Tips
• If you are using SSHv1 and your SSH connection is being rejected, you have not successfully
generated an RSA key pair for your router. Make sure that you have specified a hostname and
domain. Then use the crypto key generate rsa command to generate an RSA key pair and enable
the SSH server.
• If you are using SSHv2 and your SSH connection is being rejected, you have not successfully
generated a DSA key pair for your router. Make sure that you have specified a hostname and domain.
Then use the crypto key generate dsa command to generate a DSA key pair and enable the SSH
server.
• When configuring the RSA or DSA key pair, you might encounter the following error messages:
–
No hostname specified
You must configure a hostname for the router using the hostname global configuration
command.
–
No domain specified
You must configure a host domain for the router using the domain-name global configuration
command.
• The number of allowable SSH connections is limited to the maximum number of virtual terminal
lines configured for the router. Each SSH connection uses a vty resource.
• SSH uses either local security or the security protocol that is configured through AAA on your router
for user authentication. When configuring AAA, you must ensure that the console is not running
under AAA by applying a keyword in the global configuration mode to disable AAA on the console.
Configuration Examples for Implementing Secure Shell
This section provides the following configuration example:
• Configuring Secure Shell: Example, page SC-208
Configuring Secure Shell: Example
The following example shows how to configure SSHv2 by creating a hostname, defining a domain name,
enabling the SSH server for local and remote authentication on the router by generating a DSA key pair,
bringing up the SSH server, and saving the configuration commands to the running configuration file.
After SSH has been configured, the SFTP feature is available on the router.
configure
hostname router1
domain name cisco.com
exit
crypto key generate dsa
configure
ssh server
end
To Next Page
Loading...
Need help?
General
