Cisco Systems CL-28826-01 Security Camera User Manual


2-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 2 Preparing Devices for Management
Setting Up SSH
Step 7 Verify that SSL is set up on the device. The device should respond with an “enabled” status.
hostname# show ip http server secure status
Setting Up SSH
You can use the Secure Shell (SSH) protocol to communicate with Cisco IOS Routers, Catalyst switches,
and Catalyst 6500/7600 devices. This protocol provides strong authentication and secure
communications over insecure channels. Security Manager supports both SSH versions 1.5 and 2. Once
connected to the device, Security Manager determines which version to use and communicates using that
version.
The following topics describe how to set up SSH on the supported devices:
Critical Line-Ending Conventions for SSH, page 2-5
Testing Authentication, page 2-5
Setting Up SSH on Cisco IOS Routers, Catalyst Switches, and Catalyst 6500/7600 devices, page 2-6
Preventing Non-SSH Connections (Optional), page 2-7
Critical Line-Ending Conventions for SSH
The following line-ending conventions for SSH must be observed to avoid system failure:
Do not end banner message lines with “#”, “# ”, “>”, or “> ”. If your system requires a pound sign
or greater-than sign at the end of a banner message, ensure that it is followed by two spaces.
Do not use banner message lines that contain only “Username: ” or “Password: ”.
Do not customize the device user EXEC mode prompt so that it no longer ends with “>” or “#”.
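The conventions above can be checked mechanically before a banner is configured on a device. The following Python lint is an added example, not part of the Cisco guide; the function names and the sample banner are constructed, and treating a line as "only Username:/Password:" regardless of surrounding whitespace is an assumption of the example.

```python
"""Lint banner text and prompts against the SSH line-ending conventions above.

Added example: names and sample data are constructed for illustration.
"""

# Endings the guide forbids on a banner line.
FORBIDDEN_ENDINGS = ("#", "# ", ">", "> ")
# Assumption: whitespace around the login strings is ignored when matching.
LOGIN_LOOKALIKES = {"Username:", "Password:"}


def lint_banner(banner):
    """Return (line_number, problem) for each banner line that breaks a rule."""
    findings = []
    for number, line in enumerate(banner.split("\n"), start=1):
        line = line.rstrip("\r")  # tolerate CRLF, keep trailing spaces
        if line.endswith(FORBIDDEN_ENDINGS):
            findings.append((number, "'#' or '>' not followed by two spaces"))
        if line.strip() in LOGIN_LOOKALIKES:
            findings.append((number, "line contains only a login prompt string"))
    return findings


def fix_banner(banner):
    """Pad a trailing '#' or '>' so that it is followed by two spaces."""
    fixed = []
    for line in banner.split("\n"):
        line = line.rstrip("\r")
        if line.endswith(FORBIDDEN_ENDINGS):
            line = line.rstrip(" ") + "  "
        fixed.append(line)
    return "\n".join(fixed)


def prompt_ok(prompt):
    """True if a device prompt still ends with '>' or '#'."""
    return prompt.endswith((">", "#"))


# Constructed sample banner: lines 2, 3 and 4 each break one convention.
SAMPLE_BANNER = "\n".join([
    "*** Authorized access only ***",
    "Contact NOC at ext 4400 #",
    "Type your credentials >> ",
    "Password: ",
    "Section #  ",
])

if __name__ == "__main__":
    for number, problem in lint_banner(SAMPLE_BANNER):
        print(f"banner line {number}: {problem}")
```

Lines that consist only of a login prompt string are reported but not rewritten by `fix_banner`, because they have to be reworded by hand.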
Testing Authentication
Before you set up SSH, you must test authentication without SSH to make sure the device can be
authenticated. You can authenticate with a local username and password or with an authentication,
authorization, and accounting (AAA) server running TACACS+ or RADIUS.
This procedure describes how to test authentication without SSH using a local or AAA server username
and password.
Step 1 Enter configuration mode.
router# config terminal
Step 2 Specify that the local username and password should be used in the absence of AAA statements. On
Cisco IOS routers, you can use the login local command on VTY lines instead of the aaa new-model
command.
hostname(config)# aaa new-model