you need to define a domain to generate RSA key pairs
ip domain-name localdomain !be it domain.tld or whatever
generate two separate key pairs (one for signatures, one for encryption), that's a pretty good practice you would learn in CTF clubs, and provide a modulus of at least 1024 bits unless you want to deal with ssh's Invalid key length
crypto key generate rsa usage-keys
(Signature) How many bits in the modulus [512]: 1024
(Encryption) How many bits in the modulus [512]: 1024
enable SSH only on the vty lines (transport input ssh, which also disables telnet in case it was already running there), define an auth method for remote access (login local), and disable the idle session timeout (exec-timeout 0 0)
line vty 0 15
 exec-timeout 0 0
 logging synchronous
 login local
 transport input ssh
set up the ssh client as such
vi ~/.ssh/config
# WS-C2950T-24
host loud1
    hostname 10.7.7.203
    user admin
    kexalgorithms +diffie-hellman-group1-sha1
    ciphers +3des-cbc

host WS-C2960G-48TC-L
    hostname 192.168.0.48
    user admin
    kexalgorithms +diffie-hellman-group1-sha1
    hostkeyalgorithms +ssh-rsa
    ciphers +aes128-cbc
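added example (not part of the original notes): a small Python check that the legacy algorithms re-enabled above stay scoped to named hosts and do not end up in a wildcard or global block of ~/.ssh/config. the `host *` block in the sample is constructed for illustration; `Match` blocks are treated as unscoped and `Include` files are not followed.

```python
import re

# Legacy algorithms that the ssh client entries above re-enable.
LEGACY = {"kexalgorithms": {"diffie-hellman-group1-sha1"},
          "ciphers": {"3des-cbc", "aes128-cbc"},
          "hostkeyalgorithms": {"ssh-rsa"}}

# Constructed sample: the two host entries above plus a hypothetical "host *" block.
SAMPLE = """\
host loud1
  kexalgorithms +diffie-hellman-group1-sha1
  ciphers +3des-cbc
host WS-C2960G-48TC-L
  kexalgorithms +diffie-hellman-group1-sha1
  hostkeyalgorithms +ssh-rsa
  ciphers +aes128-cbc
host *
  kexalgorithms +diffie-hellman-group1-sha1
"""

def parse_blocks(text):
    """Split ssh_config text into (scope, [(keyword, value), ...]) blocks."""
    blocks = [("(global)", [])]  # options placed before the first Host line
    for raw in text.splitlines():
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)", raw.strip())  # "key value" or "key=value"
        if not m or m.group(1).startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key in ("host", "match"):
            blocks.append((f"{key} {value}", []))
        else:
            blocks[-1][1].append((key, value))
    return blocks

def audit(text):
    """Return (scope, keyword, algorithm, host_scoped) per legacy algorithm enabled."""
    findings = []
    for scope, options in parse_blocks(text):
        host_scoped = scope.startswith("host ") and not any(c in scope for c in "*?")
        for key, value in options:
            if key not in LEGACY or value.startswith("-"):
                continue  # a "-" prefix removes algorithms, so nothing is enabled
            for alg in value.lstrip("+^").split(","):
                if alg.strip() in LEGACY[key]:
                    findings.append((scope, key, alg.strip(), host_scoped))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

any finding with host_scoped set to False means the weak algorithm is offered to every server the client connects to, not just the old switches.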