Harden SSH service in Cisco IOS devices


Change the Default SSH Port

! A non-default SSH port must be tied to a rotary group, which the vty
! lines then join (see "Restrict Access" below).
ip ssh port 2222 rotary 1

Disable Unused Services

no service pad
no service finger
no snmp-server enable traps

Enable SSH

! Key generation requires a hostname and "ip domain-name" to be configured first.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh dh min size 2048
ip ssh server algorithm mac hmac-sha2-256
ip ssh server algorithm encryption aes256-cbc

Restrict Access

! Numbered extended ACLs use the 100-199 and 2000-2699 ranges; 10 is a
! standard-ACL number and is rejected by "ip access-list extended".
ip access-list extended 100
  permit tcp 192.168.99.0 0.0.0.255 any eq 2222
  permit tcp any any established
  exit
line vty 0 4
  access-class 100 in
  rotary 1
  transport input ssh
  exit

Enable Access Logging

login on-failure log
login on-success log
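To check that a device actually carries these settings, the following added audit script (not part of the original post) parses a saved "show running-config" and reports which of the items above are missing or which vty lines still accept non-SSH transport. The config excerpt, ACL number and line ranges it uses are constructed for the demonstration.

```python
# Added audit helper: checks a saved "show running-config" for the SSH
# hardening items above. SAMPLE_CONFIG is a constructed excerpt, not a real device.
SAMPLE_CONFIG = """\
ip ssh version 2
ip ssh port 2222 rotary 1
ip ssh dh min size 2048
ip ssh server algorithm mac hmac-sha2-256
ip ssh server algorithm encryption aes256-cbc
ip access-list extended 100
 permit tcp 192.168.99.0 0.0.0.255 any eq 2222
line vty 0 4
 access-class 100 in
 rotary 1
 transport input ssh
line vty 5 15
 transport input telnet ssh
login on-failure log
"""

REQUIRED_GLOBAL = [
    "ip ssh version 2",
    "ip ssh dh min size 2048",
    "login on-failure log",
    "login on-success log",
]

def parse_vty_blocks(config):
    """Map each 'line vty ...' block to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw[len("line "):]
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines()]
    findings = [f"missing global command: {c}" for c in REQUIRED_GLOBAL if c not in lines]
    for name, sub in parse_vty_blocks(config).items():
        if "transport input ssh" not in sub:
            findings.append(f"{name}: transport input is not ssh-only")
        if not any(s.startswith("access-class ") and s.endswith(" in") for s in sub):
            findings.append(f"{name}: no inbound access-class")
    return findings
```

Run `audit_ssh()` over the output of "show running-config" copied from the device; every vty range, not only 0 4, needs the same access-class and transport restrictions.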

