New Member

Is it enough to log in through SSH-2 RSA only, 1024, password strength 8?

Hi everybody,

I should provide the highest level of security on a C2821-VSEC-CCME/K9. Is it enough to log in through SSH-2 RSA only, 1024, password strength: 8 symbols, no CAPS letters, numbers, special symbols, password example [sdf^&*89]?

line vty 0 4
 exec-timeout 60 0
 transport input ssh
line vty 5 15
 transport input ssh

Should I create a MAC-based access list on the Cisco router?

Should I use login with the highest security level options: SSH-2 RSA only, 2048, password strength: XX symbols, CAPS and small letters, numbers, special symbols, password example [sdf^&*89Ad@#34s_Ds!@27&#]?

Is it paranoia which has nothing to do with real life, or is it recommended practice?

Please advise. Thank you very much.

Accepted Solutions

Re: Is it enough to logging through SSH-2 RSA only, 1024, passwo

For additional protection, I do this:

access-list 23 permit any log
line vty 0 4
 access-class 23 in
line vty 5 15
 access-class 23 in
login on-failure log
login on-success log

This will syslog all connection attempts.

archive
 log config
  logging enable
  hidekeys

This will syslog all commands.

SSH itself can be easily decoded in a man-in-the-middle attack.
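
An added example, not part of the original thread or any Cisco tool: a small Python check that reads a saved running-config and reports whether the settings mentioned in this thread are present (SSH-only transport and an inbound access-class on every vty line, login success/failure logging, and config-change logging under archive). The sample config is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the question's vty lines plus the logging commands from the reply.
SAMPLE_CONFIG = """\
access-list 23 permit any log
login on-failure log
login on-success log
archive
 log config
  logging enable
  hidekeys
line vty 0 4
 access-class 23 in
 exec-timeout 60 0
 transport input ssh
line vty 5 15
 transport input ssh
"""

def parse_blocks(config):
    """Map each top-level command to the list of indented sub-commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS "!" comment/separator lines
        if raw[0] != " ":
            current = raw.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    blocks = parse_blocks(config)
    findings = []
    for cmd in ("login on-failure log", "login on-success log"):
        if cmd not in blocks:
            findings.append(f"missing global command: {cmd}")
    if "logging enable" not in blocks.get("archive", []):
        findings.append("archive / log config / logging enable not set")
    for head, subs in blocks.items():
        if not head.startswith("line vty"):
            continue
        if "transport input ssh" not in subs:
            findings.append(f"{head}: transport input is not restricted to ssh")
        if not any(re.fullmatch(r"access-class \S+ in", s) for s in subs):
            findings.append(f"{head}: no inbound access-class")
    return findings
```

On the constructed sample, `audit(SAMPLE_CONFIG)` reports only that `line vty 5 15` has no inbound access-class, the kind of gap that is easy to miss when the vty lines are split into two ranges.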

4 REPLIES

Is it enough to logging through SSH-2 RSA only, 1024, password s

Do you want to connect from the LAN or from the internet?

New Member

Is it enough to logging through SSH-2 RSA only, 1024, password s

I want to connect from the Internet in 95% of cases. Thank you.


New Member

Re: Is it enough to logging through SSH-2 RSA only, 1024, passwo

ttemirgaliyev,

Thank you very much.

These options are really essential:

syslog all connection attempts

syslog all commands

What do you think about a MAC-based access list for SSH login on a Cisco router?

Is it also important, or should I skip this option?

Thank you very much again.
