Implementing Secure Shell on Cisco IOS XR Software
How to Implement Secure Shell
SC-207
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Configuring the SSH Client
Perform this task to configure an SSH client.
SUMMARY STEPS
1. configure
2. ssh client knownhost device:/filename
3. exit
4. ssh [vrf vrf-name] {ipv4-address | ipv6-address | hostname} [username user-id] [cipher aes
{128-cbc | 192-cbc | 256-cbc}] [source-interface type instance]
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
ssh client knownhost device:/filename
Example:
RP/0/RP0/CPU0:router(config)# ssh client
knownhost slot0:/server_pubkey
(Optional) Enables the feature to authenticate and check the
server public key (pubkey) at the client end.
Note The complete path of the filename is required. The
colon (:) and slash mark (/) are also required.
Step 3
exit
Example:
RP/0/RP0/CPU0:router(config)# exit
Exits global configuration mode, and returns the router to
EXEC mode.
Step 4
ssh [vrf vrf-name] {ipv4-address | ipv6-address
| hostname} [username user-id} [cipher aes
{128-cbc | 192-cbc |256-cbc}] source-interface
type instance]
Example:
RP/0/RP0/CPU0:router# ssh vrf green 10.10.10.10
username user1234 cipher aes 192-cbc
source-interface loopback 0
Enables an outbound SSH connection.
• To run an SSHv2 server, you must have a VRF. This
may be the default or a specific VRF. VRF changes are
applicable only to the SSH v2 server.
• The SSH client tries to make an SSHv2 connection to
the remote peer. If the remote peer supports only the
SSHv1 server, the peer internally spawns an
SSHv1 connection to the remote server.
• The SSHv1 client supports only the 3DES encryption
algorithm option, which is still available by default for
those SSH clients only.
• If the hostname argument is used and the host has both
IPv4 and IPv6 addresses, the IPv6 address is used.
To Next Page
Loading...
Need help?
General
