Configuring SSH Access - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Chapter 11
Allowing Remote Management
This section includes the following topics:

Configuring SSH Access, page 11-3
Using an SSH Client, page 11-4

Configuring SSH Access

To configure SSH access to the FWSM, follow these steps:
Step 1
To generate an RSA key pair, which is required for SSH, enter the following command:
FWSM/contexta(config)# ca generate rsa key modulus
The modulus (in bits) is 512, 768, 1024, or 2048. The larger the key modulus size you specify, the longer it takes to generate an RSA key pair. We recommend a value of 768.
Before you generate the key, you should set the host name and the domain name according to the "Setting the Host Name" section on page 6-4 and the "Setting the Domain Name" section on page 6-5. These settings are used in the key.
Step 2
To save the RSA keys to persistent Flash memory, enter the following command:
FWSM/contexta(config)# ca save all
Step 3
To identify the IP addresses from which the FWSM accepts connections, enter the following command for each address or subnet:
FWSM/contexta(config)# ssh source_IP_address mask source_interface
The FWSM accepts SSH connections from all interfaces, including the lowest security one.
Step 4
(Optional) To set the duration for how long an SSH session can be idle before the FWSM disconnects the session, enter the following command:
FWSM/contexta(config)# ssh timeout minutes
Set the timeout from 1 to 60 minutes. The default is 5 minutes. The default duration is too short in most cases and should be increased until all pre-production testing and troubleshooting has been completed.
For example, to generate RSA keys and let a host on the inside interface with an address of 192.168.1.2 access the FWSM, enter the following commands:
FWSM/contexta(config)# ca generate rsa key 1024
FWSM/contexta(config)# ca save all
FWSM/contexta(config)# ssh 192.168.1.2 255.255.255.255 inside
FWSM/contexta(config)# ssh timeout 30
To allow all users on the 192.168.3.0 network to access the FWSM on the inside interface, enter the following command:
FWSM/contexta(config)# ssh 192.168.3.0 255.255.255.0 inside
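The following check is an added example, not part of the Cisco guide: a Python audit of a pasted command transcript against the four steps above, using the modulus sizes and the 1 to 60 minute timeout range stated on this page. The function name audit, the finding labels, the 2048-bit policy floor and the 256-address source limit are assumptions made for the illustration, and the sample transcript is constructed.

```python
import ipaddress
import re

ALLOWED_MODULI = {512, 768, 1024, 2048}  # sizes the page lists for the key command
MIN_MODULUS = 2048        # assumption: local policy floor, not a value from the page
MAX_SOURCE_ADDRS = 256    # assumption: widest source range local policy accepts
PROMPT = re.compile(r"^\S+\(config\)#\s*")  # strips "FWSM/contexta(config)# "
# Constructed sample modelled on the page's example: Step 2 omitted, weak lines added.
SAMPLE = """\
FWSM/contexta(config)# ca generate rsa key 1024
FWSM/contexta(config)# ssh 192.168.1.2 255.255.255.255 inside
FWSM/contexta(config)# ssh 192.168.1.2 255.255.255.255 inside
FWSM/contexta(config)# ssh 192.168.3.0 255.255.255.0 inside
FWSM/contexta(config)# ssh 10.0.0.0 255.0.0.0 outside
FWSM/contexta(config)# ssh timeout 90
"""

def audit(text):
    """Return (line_number, finding) pairs for a pasted FWSM command transcript."""
    findings, seen, generated, saved = [], set(), False, False
    for n, raw in enumerate(text.splitlines(), 1):
        words = PROMPT.sub("", raw.strip()).split()
        if words[:4] == ["ca", "generate", "rsa", "key"] and len(words) == 5:
            generated = True
            bits = int(words[4]) if words[4].isdecimal() else -1
            if bits not in ALLOWED_MODULI:
                findings.append((n, "invalid-modulus"))
            elif bits < MIN_MODULUS:
                findings.append((n, "weak-modulus"))
        elif words == ["ca", "save", "all"]:
            saved = True
        elif words[:2] == ["ssh", "timeout"] and len(words) == 3:
            minutes = int(words[2]) if words[2].isdecimal() else -1
            if not 1 <= minutes <= 60:  # range stated on the page
                findings.append((n, "timeout-out-of-range"))
        elif words[:1] == ["ssh"] and len(words) == 4:
            try:  # strict=True rejects an address with host bits outside the mask
                net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=True)
            except ValueError:
                findings.append((n, "bad-address-or-mask"))
                continue
            if (net, words[3]) in seen:
                findings.append((n, "duplicate-rule"))
            seen.add((net, words[3]))
            if net.num_addresses > MAX_SOURCE_ADDRS:
                findings.append((n, "broad-source"))
    if generated and not saved:
        findings.append((0, "keys-not-saved"))  # Step 2 skipped: keys not in Flash
    return findings
```

Calling audit(SAMPLE) returns the findings as (line number, label) pairs; line number 0 marks a finding about the transcript as a whole.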
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01
