Monday, April 4, 2016

Secure your router with encryption

Cisco Professionals eTips and Tricks

If your Cisco router supports encryption, you can use the following commands to create RSA keys so that you can connect to the router with SSH instead of an insecure telnet connection:

hostname <hostname>
ip domain-name <domain name>
crypto key generate rsa

Note that the "ip domain-name" command is required before issuing "crypto key generate rsa" or else the router will give an error such as "Please define a domain-name first." 

In comparison, "ip http secure-server" generates keys for accessing the router through SSL without having to specify the domain, and in theory these keys can also be used for SSH access. The "ip http secure-server" command enables the HTTPS server, so if you don't plan to connect to the router in that way, you may want to issue the "no ip http secure-server" command.
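Generating the keys does not by itself stop the router from accepting telnet, so it is worth checking the saved configuration afterwards. The following Python check is an added example, not part of the original post: it reads a running-config and reports the settings discussed above. The function name and sample config are constructed for illustration, and the "transport input" line under "line vty" is the standard IOS setting for allowed remote-access protocols, which the post itself does not mention.

```python
import re

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
hostname edge-rtr1
ip domain-name example.net
ip http secure-server
line con 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def audit_ssh_readiness(config):
    """Return a list of findings for the settings discussed in the post."""
    seen = set()
    transports = {}   # vty block header -> transports allowed (None = not set)
    vty = None        # vty block currently being read, if any
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            vty = None  # any top-level command closes the previous block
            if re.fullmatch(r"hostname \S+", line):
                seen.add("hostname")
            elif re.fullmatch(r"ip domain[- ]name \S+", line):
                seen.add("domain")
            elif line == "ip http secure-server":
                seen.add("https")
            elif line.startswith("line vty "):
                vty = line
                transports[vty] = None
        elif vty and line.startswith("transport input "):
            transports[vty] = line.split()[2:]

    findings = []
    # The post sets both of these before "crypto key generate rsa".
    if "hostname" not in seen:
        findings.append("hostname not set")
    if "domain" not in seen:
        findings.append("ip domain-name not set")
    if "https" in seen:
        findings.append("ip http secure-server enabled")
    for block, allowed in transports.items():
        if allowed is None:
            findings.append(f"{block}: transport input not set")
        elif {"telnet", "all"} & set(allowed):
            findings.append(f"{block}: telnet allowed")
    return findings
```

A vty block reported as "transport input not set" falls back to the platform default, which depends on the IOS release, so set it explicitly.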

Author: Anonym
