Let's imagine we are asked to configure Router1 (R1) to accept SSH access on port 2009. As we already know, SSH uses TCP port 22 by default. So how can we change the port on which R1 listens for SSH connections? There is a straightforward way to do it, with configuration on R1 only: the feature is called SSH rotary.

Let's see how to configure it. The first thing we have to do is generate the RSA key pair for the router with the command crypto key generate rsa. Before that, we need to configure the hostname and the domain name on the router, because both are used to name the key pair:
router(config)# hostname R1
R1(config)# ip domain name cisco.com
R1(config)# crypto key generate rsa
The name for the keys will be: R1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Once the RSA key pair has been created, we need to configure a username and password for accessing the router and tell the VTY lines to authenticate against that local user database:
R1(config)# username cisco password CISCO
R1(config)# line vty 0 4
R1(config-line)# login local
Now we will configure the router to expect SSH connections on port 2009. This is done with the command ip ssh port, which binds the port to a rotary group; that rotary group is then assigned to the VTY lines:
R1(config)# ip ssh port 2009 rotary 1
R1(config)# line vty 0 4
R1(config-line)# rotary 1
Let's verify that the configuration is actually working by opening an SSH session from R1 to its own address on port 2009 and then looking at the TCP connections:
R1#ssh -l cisco -p 2009 2.2.2.1
Password:
R1>sh tcp brief
TCB       Local Address           Foreign Address         (state)
66CCF71C  2.2.2.1.18922           2.2.2.1.2009            ESTAB
66CCFC78  2.2.2.1.2009            2.2.2.1.18922           ESTAB
The session appears twice because R1 is both the client (local port 18922, foreign port 2009) and the server (local port 2009) in this test, and the ESTAB state on the server side confirms that the router accepts SSH on the non-default port. So here you have it: how to configure a router to be accessed via SSH on a port other than the default.
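To make the procedure above checkable after the fact, here is an added Python example (not from the original post and not Cisco code) that parses a constructed "show running-config" snippet reflecting the steps on the page and reports whether the rotary mapping is complete: hostname and domain name present for the key pair, "ip ssh port" bound to a rotary group, that group applied to a VTY block that uses "login local". It also parses a constructed "show tcp brief" capture to confirm a connection on port 2009. Two of its warnings go beyond what the page configures and are my own hardening assumptions: a VTY block without "transport input ssh", and a "username ... password" entry instead of "secret".

```python
"""Audit an IOS running-config and a 'show tcp brief' capture for the
SSH-on-a-rotary-port setup described above (added example, not from the page)."""
import re

# Constructed sample: roughly what 'show running-config' contains after the
# steps on the page. 'transport input ssh' is deliberately absent so the
# audit below reports it.
SAMPLE_CONFIG = """\
hostname R1
!
ip domain name cisco.com
username cisco password 0 CISCO
ip ssh port 2009 rotary 1
!
line vty 0 4
 login local
 rotary 1
!
"""

# Constructed sample of 'show tcp brief' while an SSH session to port 2009 is up.
SAMPLE_TCP_BRIEF = """\
TCB       Local Address           Foreign Address         (state)
66CCF71C  2.2.2.1.18922           2.2.2.1.2009            ESTAB
66CCFC78  2.2.2.1.2009            2.2.2.1.18922           ESTAB
"""


def parse_config(text):
    """Pull out the statements the rotary setup depends on. IOS indents
    sub-commands (e.g. under 'line vty') by one space and separates sections
    with '!' lines."""
    cfg = {"hostname": None, "domain": None, "ssh_ports": {}, "users": {}, "vty": []}
    block = None
    for raw in text.splitlines():
        if raw.startswith(" "):                     # sub-command of the current block
            if block is not None:
                block["lines"].append(raw.strip())
            continue
        block = None                                # any top-level line ends a block
        line = raw.strip()
        if (m := re.match(r"hostname (\S+)$", line)):
            cfg["hostname"] = m.group(1)
        elif (m := re.match(r"ip domain[ -]name (\S+)$", line)):
            cfg["domain"] = m.group(1)
        elif (m := re.match(r"ip ssh port (\d+) rotary (\d+)", line)):
            cfg["ssh_ports"][int(m.group(2))] = int(m.group(1))   # rotary group -> port
        elif (m := re.match(r"username (\S+) (password|secret)\b", line)):
            cfg["users"][m.group(1)] = m.group(2)
        elif (m := re.match(r"line vty (\d+)(?: (\d+))?$", line)):
            block = {"first": int(m.group(1)), "last": int(m.group(2) or m.group(1)), "lines": []}
            cfg["vty"].append(block)
    return cfg


def vty_rotary(vty):
    """Rotary group configured under a 'line vty' block, or None."""
    for line in vty["lines"]:
        if (m := re.match(r"rotary (\d+)", line)):
            return int(m.group(1))
    return None


def audit_ssh_rotary(cfg, expected_port):
    """Return findings; 'FAIL' means SSH on expected_port cannot work as on the
    page, 'WARN' is a hardening assumption beyond what the page configures."""
    findings = []
    if not cfg["hostname"] or not cfg["domain"]:
        findings.append("FAIL: hostname and ip domain name are both needed before 'crypto key generate rsa'")
    groups = [g for g, p in cfg["ssh_ports"].items() if p == expected_port]
    if not groups:
        findings.append(f"FAIL: no 'ip ssh port {expected_port} rotary <n>' statement")
        return findings
    bound = [v for v in cfg["vty"] if vty_rotary(v) in groups]
    if not bound:
        findings.append(f"FAIL: rotary group(s) {groups} not applied under any 'line vty'")
    for v in bound:
        name = f"line vty {v['first']} {v['last']}"
        if "login local" not in v["lines"] and not any(l.startswith("login authentication") for l in v["lines"]):
            findings.append(f"FAIL: {name} has neither 'login local' nor 'login authentication'")
        if [l for l in v["lines"] if l.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"WARN: {name} does not restrict 'transport input' to ssh (assumed hardening)")
    for user, kind in cfg["users"].items():
        if kind == "password":
            findings.append(f"WARN: username {user} uses 'password' rather than 'secret' (assumed hardening)")
    return findings


def parse_tcp_brief(text):
    """Rows of 'show tcp brief'; the header line has no hex TCB and is skipped."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"([0-9A-Fa-f]+)\s+(\S+)\s+(\S+)\s+(\S+)$", line.strip())
        if m:
            tcb, local, foreign, state = m.groups()
            rows.append({"tcb": tcb, "local": _split_sock(local),
                         "foreign": _split_sock(foreign), "state": state})
    return rows


def _split_sock(s):
    """'2.2.2.1.2009' -> ('2.2.2.1', 2009); also handles '*.2009' listeners."""
    addr, port = s.rsplit(".", 1)
    return addr, int(port)


def port_in_use(rows, port):
    """True if the router has a listener or established session on local port."""
    return any(r["local"][1] == port and r["state"] in ("LISTEN", "ESTAB") for r in rows)


if __name__ == "__main__":
    for f in audit_ssh_rotary(parse_config(SAMPLE_CONFIG), 2009) or ["PASS: rotary SSH config complete"]:
        print(f)
    print("port 2009 in use:", port_in_use(parse_tcp_brief(SAMPLE_TCP_BRIEF), 2009))
```

On the constructed sample the audit reports no FAIL entries and two WARN entries (missing "transport input ssh" and the cleartext "password" form); removing the "rotary 1" line under the VTY block, as happens when someone forgets the second half of the procedure, turns that into a FAIL.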