Fix It Page
Enable SSH for Access to the Router
Note
Enable AAA
Cisco Router and Security Device Manager Version 2.2 User's Guide
access-class <std-acl-num>
If the Cisco IOS image running on the router is a crypto image (an image that uses
56-bit Data Encryption Standard (DES) encryption and is subject to export
restrictions), then Security Audit will implement the following configurations to
secure Telnet access whenever possible:
• Enable Secure Shell (SSH) for Telnet access. SSH makes Telnet access much
  more secure.
• Set the SSH timeout value to 60 seconds, causing incomplete SSH
  connections to shut down after 60 seconds.
• Set the maximum number of unsuccessful SSH login attempts to two before
  locking access to the router.
The configuration that will be delivered to the router to secure access and file
transfer functions is as follows:
ip ssh time-out 60
ip ssh authentication-retries 2
!
line vty 0 4
 transport input ssh
!
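An added example, not part of the original guide and not SDM's own code: a Python check that a saved running-config carries the three SSH settings listed above and that every `line vty` block accepts SSH only. The function name, the constants and both sample configs are constructed for illustration; sub-commands are assumed to be indented by one space, as IOS prints them.

```python
import re

# Thresholds taken from the configuration shown above.
MAX_TIMEOUT, MAX_RETRIES = 60, 2

def audit_ssh(config):
    """Return a list of findings for an IOS running-config given as text."""
    findings = []
    timeout = re.search(r"^ip ssh time-out (\d+)\s*$", config, re.M)
    retries = re.search(r"^ip ssh authentication-retries (\d+)\s*$", config, re.M)
    if not timeout or int(timeout.group(1)) > MAX_TIMEOUT:
        findings.append("ip ssh time-out is missing or above 60")
    if not retries or int(retries.group(1)) > MAX_RETRIES:
        findings.append("ip ssh authentication-retries is missing or above 2")
    # Record the 'transport input' protocols of each 'line vty' block.
    vty, blocks = None, {}
    for raw in config.splitlines():
        if raw.startswith("line "):
            vty = raw.strip() if raw.startswith("line vty") else None
            if vty:
                blocks[vty] = None
        elif vty and raw.startswith(" "):
            m = re.match(r"\s+transport input (.+)", raw)
            if m:
                blocks[vty] = m.group(1).split()
        else:
            vty = None  # '!' or a global command closes the block
    if not blocks:
        findings.append("no 'line vty' block found")
    for name, protocols in blocks.items():
        if protocols != ["ssh"]:
            findings.append(f"{name}: transport input is {protocols}, expected ['ssh']")
    return findings

# Constructed sample configs (not captured from a real device).
HARDENED = """ip ssh time-out 60
ip ssh authentication-retries 2
!
line vty 0 4
 transport input ssh
!"""
WEAK = """ip ssh time-out 120
!
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
!"""
```

The second sample shows why each VTY range is checked separately: a `line vty 5 15` block that still lists `telnet` is reported even though `line vty 0 4` is restricted to SSH.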
After making the configuration changes above, you must specify the SSH
modulus key size and generate a key. Use the SSH page to do so.

Cisco IOS Authentication, Authorization, and Accounting (AAA) is an
architectural framework for configuring a set of three independent security
functions in a consistent manner. AAA provides a modular way of performing
authentication, authorization, and accounting services.
SDM will perform the following precautionary tasks while enabling AAA to
prevent loss of access to the router:
Chapter 16
Security Audit
OL-4015-08