[Network] Cisco Catalyst Switch SSH Setting

by 치즈잼 2024. 7. 25.
This post summarizes how to set up SSH access on a Cisco Catalyst switch.

1. Configuring SSH on Cisco

Switch(config)# username admin secret cisco  **// Create the account used for SSH login**
Switch(config)#hostname Beer
Beer(config)#ip domain-name cisco.com
Beer(config)#crypto key generate rsa
The name for the keys will be: Beer.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024 **// Set the encryption key size in bits**
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Beer#show crypto key mypubkey rsa
% Key pair was generated at: 00:38:21 UTC Mar 1 1993
Key name: Beer.cisco.com
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:

% Key pair was generated at: 00:38:22 UTC Mar 1 1993
Key name: Beer.cisco.com.server
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:

Beer(config)#line vty 0 4 **// VTY lines used for remote access to the device; 0-4 allows 5 concurrent sessions**
Beer(config-line)#transport input ssh **// Allow SSH connections only**
Beer(config-line)#login local **// Authenticate with the local account's password**
Beer(config-line)#exit
Beer(config)#ip ssh version 2 **// Use SSHv2, which provides stronger security**
Beer(config)#ip ssh time-out
Beer(config)#ip ssh authentication-retries   **// Number of retries**
<0-5>  Number of authentication retries

 

SSH login

admin / cisco

 

2. Configuring an SSH ACL on Cisco

Beer(config)# access-list 100 permit ip host 192.168.10.100 any // Permit 192.168.10.100
Beer(config)# access-list 100 permit ip host 192.168.10.200 any // Permit 192.168.10.200
Beer(config)#line vty 0 4
Beer(config-line)#access-class 100 in // Allow only the IPs in ACL 100

 
