
TIPS & VIDEO TUTORIALS, BACKTRACK, WIFIWAY, VMWARE, GNS3, CISCO ROUTERS & SWITCHES

FRIDAY, MARCH 4, 2011

GNS3 Lab: Configuring SSH (Secure Shell) in GNS3

The first step is to configure the loopback interface on the host with the IP address 192.168.1.2 and subnet mask 255.255.255.0. Once that is done, we add a Router and a Cloud (the loopback interface) in GNS3 and connect them with a FastEthernet cable. We start the router (R1) by right-clicking it and choosing "Start", then right-click again to open the "Console". After these steps the router begins decompressing the IOS image.

Connected to Dynamips VM "R1" (ID 0, type c3725) - Console port
Smart Init is disabled. IOMEM set to: 5
Using iomem percentage: 5

Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 30-Apr-08 18:27 by prod_rel_team
Image text-base: 0x60008930, data-base: 0x6363A000

Use format command to format the card as DOS File System.
Or use erase command to format the card as Low End File System.

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to export@cisco.com.

Cisco 3725 (R7000) processor (revision 0.1) with 124928K/6144K bytes of memory.
Processor board ID XXXXXXXXXXX
R7000 CPU at 240MHz, Implementation 39, Rev 2.1, 256KB L2, 512KB L3 Cache
2 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
55K bytes of NVRAM.
16384K bytes of ATA System CompactFlash (Read/Write)
Installed image archive

SETUP: new interface FastEthernet0/0 placed in "shutdown" state
SETUP: new interface FastEthernet0/1 placed in "shutdown" state

Press RETURN to get started!

*Mar  1 00:00:22.995: %SNMP-5-COLDSTART: SNMP agent on host R1 is undergoing a cold start
*Mar  1 00:00:23.319: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Mar  1 00:00:23.319: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
R1>

Once the router has booted correctly, we give it the IP address 192.168.1.1 with subnet mask 255.255.255.0 and test connectivity by pinging the loopback interface.

R1> en
R1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)# int f0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# end
*Mar  1 00:00:56.195: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 00:00:57.195: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1# show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
R1#
R1# ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/58/92 ms
R1#

Now we start configuring SSH. The first thing we have to do is set a domain name, since the RSA key is named after the hostname and domain.

R1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)# enable secret cisco
R1(config)# ip domain-name delfirosales.com

Next, generate the RSA key pair with a modulus size in the range 360-2048 bits. This example uses a size of 1024.

R1(config)# crypto key generate rsa general-keys modulus 1024
The name for the keys will be: R1.delfirosales.com

% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

R1(config)#
*Mar  1 00:01:36.367: %SSH-5-ENABLED: SSH 1.99 has been enabled

Some additional settings: the idle timeout for the SSH negotiation and the number of times a user may fail when trying to log in.

R1(config)# ip ssh time-out ?
  <1-120>  SSH time-out interval (secs)

R1(config)# ip ssh time-out 60
R1(config)# ip ssh authentication-retries 3

Configure the protocols allowed on the VTY lines.

R1(config)# line vty 0 4
R1(config-line)# login local
R1(config-line)# transport input ssh telnet
R1(config-line)# exit
R1(config)#

Create a user and password, then save the configuration.

R1(config)# username delfirosales password cisco
R1(config)# exit
R1# wr
Building configuration...
[OK]

Start an SSH session with PuTTY.

login as: delfirosales
Using keyboard-interactive authentication.
Password:

R1> enable
Password:
R1#
R1# show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
R1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)# hostname delfirosales
delfirosales(config)# end
delfirosales# wr
Building configuration...
[OK]
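As an added example (not part of the original post), the following Python script audits the kind of running-config this lab produces for the SSH-related points a reviewer would check: that a domain name exists for key generation, that SSH is pinned to version 2 rather than the 1.99 mode shown above, that users are stored with `secret` rather than `password`, and that the VTY lines no longer accept telnet. The config text is constructed to mirror the lab, not captured from a router.

```python
import re

# Constructed running-config mirroring this post's lab (not captured from a real router).
LAB_CONFIG = """\
hostname R1
ip domain-name delfirosales.com
username delfirosales password cisco
ip ssh time-out 60
ip ssh authentication-retries 3
line vty 0 4
 login local
 transport input ssh telnet
"""

def parse_config(text):
    """Split an IOS config into global commands and per-'line' sections."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):               # indented: belongs to the open line section
            if current is not None:
                sections[current].append(raw.strip())
        elif raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, sections

def audit_ssh(text):
    """Return findings for the SSH/VTY settings this post configures."""
    global_cmds, sections = parse_config(text)
    findings = []
    if not any(c.startswith("ip domain-name ") for c in global_cmds):
        findings.append("no ip domain-name: 'crypto key generate rsa' needs one")
    if "ip ssh version 2" not in global_cmds:
        findings.append("SSH version not pinned to 2 (SSH 1.99 still accepts v1 clients)")
    for c in global_cmds:
        if re.match(r"username \S+ password ", c):
            findings.append(f"{c.split()[1]}: 'password' is recoverable, use 'secret'")
    for name, cmds in sections.items():
        if not name.startswith("line vty"):
            continue
        for c in cmds:
            if c.startswith("transport input") and "telnet" in c.split():
                findings.append(f"{name}: telnet still allowed ('{c}')")
    return findings
```

Running `audit_ssh(LAB_CONFIG)` on the lab config returns three findings (no `ip ssh version 2`, a `password`-style user, and telnet on `line vty 0 4`); after switching the user to `secret`, setting `transport input ssh` and adding `ip ssh version 2`, it returns an empty list.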

Assigning privilege levels per user

Cisco IOS allows 16 different user levels to be configured (0 to 15).

Level 0 user: only has access to user mode.
Level 1 to 14 user: different commands can be assigned to each level.
Level 15 user: full privileged-mode access.

Configuring different access levels is particularly useful in environments where different technicians are assigned different tasks. To configure a user who is allowed to use a limited set of privileged-level commands, follow this procedure:

Router(config)# privilege exec level [level] [command]
Router(config)# username [user] privilege [level] secret 0 [password]
Router(config)# line vty 0 4
Router(config-line)# login local

It is also possible to create different privilege levels and tie them directly to a simple enable password for privileged mode:

Router(config)# privilege exec level [level] [command]
Router(config)# enable secret level [level] [password]
