--------Passwords--------------------
(config)#hostname Mickey
(config)#line con 0
(config-line)#logging synchronous
(config)#enable password cisco
(config)#enable secret cisco2
#show run | include enable
(config)#line vty 0 4
(config-line)#password cisco3
(config-line)#login
the same for console 0 and aux 0 - cisco4
exit exit - login again
#show run
(config)#security passwords min-length 8
(config)#enable secret cisco
(config)#line console 0
(config-line)#exec-timeout 3 30
(config)#line vty 4
(config-line)#no exec
(config)#service password-encryption
#show run
(config)#username laura secret ciscocisco
(config)#username gigi password ciscocisco2
(config)#line con 0
(config-line)#login local
exit exit exit - login again with username
(config)#login block-for 100 attempts 7 within 60
(config)#login on-failure log
(config)#login on-success log
(config)#security authentication failure rate 10 log
(config)#login delay 2
#show login
exit exit - login fail a couple of times - logs appear
login correct - logs appear
#show login
#show login failures
no logs for the console (just for vty)
(config)#banner motd & You are not welcomed on $(hostname) &
exit exit - login again - the message appears

-----------SSH----------------
#show version | include IOS
(config)#ip domain-name gigi.home
(config)#crypto key generate rsa general-keys modulus 1024
generates keys Mickey.gigi.home
We already have some users configured
(config)#line vty 0 4
(config-line)#transport input ssh
(config-line)#login local
(config)#int s0/1
(config-if)#ip add 10.0.0.1 255.255.255.0
(config-if)#no shut
The same on Minnie with 0.2
#ping 10.0.0.2
Minnie:
#ssh -l gigi 10.0.0.1
We do some failed logins
#show login
#show login failures
(config)#ip ssh version 2
(config)#ip ssh time-out 60
(config)#ip ssh authentication-retries 5
After we change the version, we must regenerate the keys
With gigi connected on Mickey
#show ssh
#show ip ssh
#show crypto key mypubkey rsa

-----------Privilege levels-----------
(config)#username support privilege 5 secret ciscocisco
(config)#enable secret level 5 ciscocisco1
(config)#privilege exec level 5 show all
exit exit - login with user support
#show privilege
#conf t -> does not work
#show login -> does not work
#enable 15 -> requests password (cisco2)
#show privilege
#enable 5 -> no password request
#ssh -l support 10.0.0.1
#show privilege

---------------NTP----------------
Mickey:
#clock set 20:00:00 OCT 22 2014
Minnie:
#clock set 19:00:00 OCT 21 2014
(config)#ntp master 1
#show clock
Mickey:
#show clock
(config)#ntp server 10.0.0.2
#show clock
#show ntp status
#show ntp associations
#show ntp associations detail
(config)#ntp authenticate
(config)#ntp authentication-key 1 md5 ciscontp
(config)#ntp trusted-key 1
Mickey +:
(config)#ntp server 10.0.0.2 key 1
#debug ntp authentication
#show ntp associations detail -> appears "authenticated"
(config-if)#ntp broadcast destination 10.0.0.255
(config-if)#ntp broadcast client

---------Autosecure------------------
#auto secure