In this post I will configure SSH version 2 on the router with a 1024-bit key, allow 3 failed login attempts and set the time-out to 30 mins. I will then configure my vty ports to accept either telnet or SSH, enable aaa new-model and create a user called syn with a password of cisco. Lastly I will check my running config and use a show command to view the setup.
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#ip domain-name lab.local
router1(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: router1.lab.local
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
router1(config)#ip ssh authentication-retries 3
router1(config)#ip ssh time-out 30
router1(config)#ip ssh version 2
router1(config)#line vty 0 4
router1(config-line)#transport input ssh telnet
router1(config-line)#end
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#aaa new-model
router1(config)#username syn secret cisco
router1(config)#end
router1#show run
Building configuration...
Current configuration : 1564 bytes
!
version 12.4
!
aaa new-model
!
ip domain name lab.local
ip ssh time-out 30
ip ssh source-interface Ethernet0
ip ssh version 2
!
username syn secret 5 $1$mU38$MPCu0GOeTzhKnQBNMKxe30
!
line vty 0 4
exec-timeout 0 0
password 7 02050D480809
logging synchronous
transport input telnet ssh
!
end
router1#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 30 secs; Authentication retries: 3
router1#
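An added example, not part of the original post: a small Python audit that reads a running-config like the one shown above and reports the settings in it that weaken the SSH setup (Telnet still accepted on the vty lines, exec-timeout 0 0, a type 7 line password, SSH version 2 not enforced). The function name audit, the check ids and the embedded sample config are assumptions made for this example.

```python
import re

# Constructed sample: the security-relevant lines of the show run output above.
SAMPLE_CONFIG = """\
aaa new-model
ip ssh time-out 30
ip ssh version 2
username syn secret 5 $1$mU38$MPCu0GOeTzhKnQBNMKxe30
!
line vty 0 4
 exec-timeout 0 0
 password 7 02050D480809
 transport input telnet ssh
!
end
"""

def audit(config):
    """Return (check_id, detail) findings for an IOS running-config (hypothetical helper)."""
    findings, section, ssh_v2 = [], None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "!", "end"):        # separators close the current block
            section = None
            continue
        if line.startswith("line "):        # e.g. "line vty 0 4" opens a block
            section = line
            continue
        where = section or "global"
        if line == "ip ssh version 2":
            ssh_v2 = True
        # Type 7 is a reversible encoding; "username X password" is not hashed either.
        if re.match(r"(enable )?password 7 |username \S+ password ", line):
            findings.append(("weak-password-storage", f"{where}: {line.split()[0]} is not stored as a hash"))
        if section and section.startswith("line vty"):
            m = re.match(r"transport input (.+)", line)
            if m and {"telnet", "all"} & set(m.group(1).split()):
                findings.append(("telnet-enabled", f"{where}: cleartext Telnet logins accepted"))
            if line == "exec-timeout 0 0":
                findings.append(("no-idle-timeout", f"{where}: idle sessions never time out"))
    if not ssh_v2:
        findings.append(("ssh-v1-allowed", "global: 'ip ssh version 2' is not set"))
    return findings

if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE_CONFIG):
        print(f"{check_id:24} {detail}")
```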