enable 

configure terminal

enable secret cisco

service password-encryption 启用密码加密服务

aaa new-model

aaa authentication login AAA_LOCAL local

username sunchao secret  cicso

username cocoe  secret cisco

security passwords min-length 5 配置密码最小长度

hostname R1

ip domain-name sunchao.com

crypto key generate rsa

 

access-list 10 remark Hosts allowed to SSH

access-list 10 permit host 192.168.1.1

access-list 10 permit host 192.168.1.2

 

 

R2(config)#line vty 0 4

R2(config-line)#logging synchronous

R2(config-line)#exec-timeout 5 30

R2(config-line)#login authentication AAA_LOCAL 

R2(config-line)#transport input ssh 

R2(config-line)#access-class 10 in

R2(config-line)#end

ip ssh version 2

ip ssh timeout 30 (设置最大空闲定时器)

ip ssh authentication-retries 2 (最大失败尝试次数)

 

R1登陆 

R1#ssh -l sunchao 192.168.1.1

Open

Password: