  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 23985

How to configure SSH access to Cisco 2960 and 3560 switches?

There is quite a large number of the above switch types in my company. I'm thinking of restricting access to SSH only. Alternatively, some may allow both SSH and telnet access. How do I do this?
Balack
infoseccons Commented:
I guess you could set up your switches to allow ssh access by default and, for the ones that need it, create a separate configuration that allows telnet access also.
See this excellent guide on the Cisco web site to read up on how to enable/disable telnet access and/or ssh access: http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_44_se/configuration/guide/swauthen.html

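Don Johnston (Instructor) Commented:

! key generation needs a non-default hostname and a domain name
ip domain-name xxxx.com
! you'll be prompted for the key length
crypto key generate rsa
ip ssh version 2
line vty 0 4
 ! "login local" checks local usernames, so at least one must be configured
 login local
 transport input ssh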

Istvan Kalmar (Head of IT Security Division) Commented:
If you don't upgrade the switch's software, you are not able to use this feature! If you want SSH, use a crypto image!
I advise that you use an access list on the vty to protect remote access:

! x.x.x.x y.y.y.y = the source address and wildcard mask you want to allow access from
access-list 1 permit x.x.x.x y.y.y.y
access-list 1 deny   any

line vty 0 4
 transport input ssh
 access-class 1 in
end
 
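An added example, not part of any answer in this thread: with a large number of switches, a script can check saved running-configs for the settings recommended in the answers by Don Johnston and Istvan Kalmar. The sample config, its hostname and addresses are constructed, and the function name `audit_vty` is hypothetical.

```python
import re

# Constructed sample running-config (not from the thread): vty 0-4 follows the
# answers above, vty 5-15 was left untouched and still accepts telnet.
SAMPLE_CONFIG = """\
hostname sw-example
ip domain-name example.com
ip ssh version 2
access-list 1 permit 192.0.2.0 0.0.0.255
access-list 1 deny   any
line con 0
line vty 0 4
 access-class 1 in
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
end
"""

def audit_vty(config: str) -> list[str]:
    """Return findings for vty settings that deviate from the SSH-only setup."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' not set")
    section, blocks = None, {}
    for line in config.splitlines():
        if line.startswith("line vty"):
            section = line.strip()
            blocks[section] = []
        elif section and line.startswith(" "):
            blocks[section].append(line.strip())
        else:
            section = None  # any other unindented line ends the vty block
    for name, cmds in blocks.items():
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if transport != [["ssh"]]:
            findings.append(f"{name}: transport input is not ssh-only")
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append(f"{name}: no inbound access-class")
        if "login local" not in cmds:
            findings.append(f"{name}: 'login local' not set")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG):
        print(finding)
```

Every `line vty` range in the config is checked separately, so a range that the `line vty 0 4` commands never touched is reported on its own.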
Balack (Author) Commented:
What are the minimum requirements for the IOS version? My co-worker tried to key in "crypto key generate rsa" and was prompted with "invalid command".

For your info, he tried on switches with 12.1(32) and 12.0(5.3).

Balack (Author) Commented:
BTW, what is the latest version I can upgrade the above switches to?

Istvan Kalmar (Head of IT Security Division) Commented:
Hi Balack,

You must upgrade the switches if you want to enable SSH!
If you are a registered user, you are able to download directly from CCO!

The legal procedure is: you buy the new software from your service integrator or Cisco partner, and afterwards you upgrade the switches!
The latest version:
  • LAN LITE W/O CRYPTO: c2960-lanlite-mz.122-50.SE2.bin, Release Date: 19/May/2009, Size: 6564.96 KB (6722515 bytes), Minimum Memory: DRAM: 64 MB, Flash: 32 MB
  • LAN LITE W/O CRYPTO WITH WEB BASED DEV MGR: c2960-lanlite-tar.122-50.SE2.tar, Release Date: 19/May/2009, Size: 10220.00 KB (10465280 bytes), Minimum Memory: DRAM: 64 MB, Flash: 32 MB
  • IP BASE W/O CRYPTO: c3560-ipbase-mz.122-50.SE1.bin, Release Date: 14/Apr/2009, Size: 9027.33 KB (9243981 bytes), Minimum Memory: DRAM: 128 MB, Flash: 16 MB
  • IP BASE W/O CRYPTO WITH WEB BASED DEV MGR: c3560-ipbase-tar.122-50.SE1.tar, Release Date: 14/Apr/2009, Size: 11750.00 KB (12032000 bytes), Minimum Memory: DRAM: 128 MB, Flash: 16 MB

Ravi Kant Commented:
Hi

I am not able to generate crypto keys on Cisco 2960. This shows "% Unrecognized command".