fvaladar / Cisco

Cisco Router Configuration

Configuring a Cisco Router from Scratch #3

Open fvaladar opened 1 year ago

fvaladar commented 1 year ago

R2> enable
R2# clock set 11:13:00 Jul 13 2022
R2# conf t
R2(config)#ntp master 3
R2(config)#ntp authentication-key 10 md5 ntpkeyphrase
R2(config)#ntp trusted-key 10
R2(config)#ntp authenticate
R2(config)#
R2(config)#key chain sample1
R2(config-keychain)#key 1
R2(config-keychain)#key-string thisisthekeystring
R2(config-keychain)#cryptographic-algorithm hmac-sha-256
R2(config-keychain)#int s0/0/1
R2(config-if)#ip ospf authentication key-chain sample1
R2(config-if)#
R2(config-if)#int s0/0/0
R2(config-if)#ip ospf authentication key-chain sample1
R2(config-if)#
Jul 13 11:27:00.975: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.1 on Serial0/0/1 to DOWN, Neighbor Down: Dead timer expired
R2(config-if)#exit
R2(config)#

fvaladar commented 1 year ago

Router# configure terminal
Router(config)# hostname R1
R1(config)# ip domain name span.com
R1(config)# crypto key generate rsa general-keys modulus 1024
The name for the keys will be: R1.span.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Dec 13 16:19:12.079: %SSH-5-ENABLED: SSH 1.99 has been enabled
R1(config)#
R1(config)# username Bob secret cisco
R1(config)# line vty 0 4
R1(config-line)# login local
R1(config-line)# transport input ssh
R1(config-line)# exit
R1(config)#

fvaladar commented 1 year ago

R1# show crypto key mypubkey rsa
% Key pair was generated at: 21:18:41 UTC Feb 16 2015
Key name: R1.span.com
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:
(key data omitted)
% Key pair was generated at: 21:18:42 UTC Feb 16 2015
Key name: R1.span.com.server
Key type: RSA KEYS
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
(key data omitted)
R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# crypto key zeroize rsa
% All keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: yes
R1(config)#

fvaladar commented 1 year ago

Improving SSH login security

R1# show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication timeout: 120 secs; Authentication retries: 3
(output omitted)

R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# ip ssh time-out 60
R1(config)# ip ssh authentication-retries 2
R1(config)# ^Z
R1#
*Feb 16 21:23:51.237: %SYS-5-CONFIG_I: Configured from console by console
R1# show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication timeout: 60 secs; Authentication retries: 2
(output omitted)

fvaladar commented 1 year ago

Syntax Checker - Enable SSH on R2

Configure the following:

Assign the domain name span.com.
Generate general RSA keys using the crypto key generate rsa general-keys modulus 1024 command.

R2(config)#ip domain-name span.com
R2(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: R2.span.com

% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)

*Feb 27 16:41:37.363: %SSH-5-ENABLED: SSH 1.99 has been enabled

Create a local database entry for a user named Bob, using the scrypt hashing algorithm type, with the secret password cisco54321.

R2(config)#username Bob algorithm-type scrypt secret cisco54321

Configure vty lines 0-4 to use:

The local database for login authentication.
Enable SSH on the vty lines using the transport input ssh command.
Exit vty line configuration.

R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh
R2(config-line)#exit

Configure SSH:

Enable SSH version 2.
Set the number of authentication retries to 2.
Set the SSH timeout period to 1 minute.
Issue the end command to exit configuration mode.

R2(config)#ip ssh version 2
R2(config)#ip ssh authentication-retries 2
R2(config)#ip ssh time-out 60
R2(config)#end

Verify the SSH configuration using the show ip ssh command.

R2#show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication timeout: 60 secs; Authentication retries: 2
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDNJV02ayJzPD/Ys/HKpy78XVR+QlnBaHaABMEOKGlj
oC4DQf8Z2XRJTzORPrYUfk1FFFVku+ejsy0G+3LoCAUgSdfpg1X4c8DbJhvA1PwPgxPVPklS5yWS+URk
ur4ijJl/cPksQpXQ8i26ye5SlLslV+3I+3TSI3MOEmJP++3vvw==
R2#

You have successfully configured SSH on R2.
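
Added example, not part of the original comments or of any Cisco tooling: a small Python audit that checks a saved configuration for the SSH settings applied in the comments above (SSH version 2, time-out 60, authentication-retries 2, `login local` and `transport input ssh` on the vty lines, scrypt-hashed user secrets). The function names, finding messages and both sample configurations are constructed for illustration.

```python
import re
LIMITS = {"time-out": 60, "authentication-retries": 2}  # values set on this page

def vty_blocks(config):
    """Return [(header, [sub-commands])] for every 'line vty' section."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = (raw.strip(), [])
            blocks.append(current)
        elif current is not None and raw.startswith(" "):
            current[1].append(raw.strip())
        else:
            current = None  # any non-indented line closes the section
    return blocks

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("SSH version 2 is not enforced")
    for knob, limit in LIMITS.items():
        m = re.search(rf"^ip ssh {knob} (\d+)", config, re.M)
        if not m or int(m.group(1)) > limit:
            findings.append(f"ip ssh {knob} is unset or above {limit}")
    for header, body in vty_blocks(config):
        if "login local" not in body:
            findings.append(f"{header}: does not use 'login local'")
        if [b for b in body if b.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{header}: transport input is not limited to ssh")
    # Accept the typed form (algorithm-type scrypt) or the stored form (secret 9).
    for m in re.finditer(r"^username (\S+) (.*)$", config, re.M):
        if not re.search(r"algorithm-type scrypt|secret 9 ", m.group(2)):
            findings.append(f"username {m.group(1)}: secret is not scrypt-hashed")
    return findings

# Constructed samples, indented like a running-config.
WEAK = """username Bob secret cisco
line vty 0 4
 login
 transport input telnet ssh
"""
HARDENED = """ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
username Bob algorithm-type scrypt secret cisco54321
line vty 0 4
 login local
 transport input ssh
"""
```

`audit_ssh(HARDENED)` returns an empty list, while `audit_ssh(WEAK)` returns one finding per missing setting.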