
IOS XR Fryguy

We need a way to access this device remotely, and by default SSH and Telnet are not enabled.
First up, the easy one – telnet.
RP/0/RSP0/CPU0:R1(config)#telnet ipv4 server max-servers 10
And like that, we can telnet.
Ok, onto SSH – but before setting up SSH, we need to generate an RSA key. This is a bit different as you do not do this from config mode.
First up, add your domain-name if you do not have one:
RP/0/RSP0/CPU0:R1(config)#domain name fryguy.net
RP/0/RSP0/CPU0:R1#crypto key generate rsa
Sat Apr 21 00:36:07.790 UTC
The name for the keys will be: the_default
Choose the size of the key modulus in the range of 512 to 2048 for your General Purpose Keypair. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [1024]: 2048
Generating RSA keys …
Done w/ crypto generate keypair


Once we have generated the RSA key, we can now enable the SSH service:
RP/0/RSP0/CPU0:R1#conf t
Sat Apr 21 00:40:33.845 UTC
RP/0/RSP0/CPU0:R1(config)#ssh server v2
Sat Apr 21 00:40:39.939 UTC

And like that, SSH services are now enabled.
OK, but what if we wanted to limit who has access to the box by IP address? That is where control-plane security comes in, specifically management plane protection (the "mpp" in the prompts below).
RP/0/RSP0/CPU0:R1(config-mpp-inband)#int g0/1/0/18
RP/0/RSP0/CPU0:R1(config-mpp-inband-if)#allow SSH peer
RP/0/RSP0/CPU0:R1(config-ssh-peer)# address ipv4
RP/0/RSP0/CPU0:R1(config-ssh-peer)# allow Telnet peer
RP/0/RSP0/CPU0:R1(config-telnet-peer)#address ipv4
Sat Apr 21 01:09:45.163 UTC
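
An added example, not from the original post: a Python check that reads a saved IOS XR running-config and reports an enabled Telnet server, a missing management-plane block, and any "allow" rule that lists no peer address. The sample config is constructed, 192.0.2.0/24 is a documentation placeholder, and parse_mpp and audit are hypothetical helper names.

```python
import re

# Constructed, abbreviated sample running-config; 192.0.2.0/24 is a placeholder.
SAMPLE_CONFIG = """\
telnet ipv4 server max-servers 10
control-plane
 management-plane
  inband
   interface GigabitEthernet0/1/0/18
    allow SSH peer
     address ipv4 192.0.2.0/24
    !
    allow Telnet peer
     address ipv4 192.0.2.0/24
    !
   interface GigabitEthernet0/1/0/19
    allow SSH
!
"""

def parse_mpp(config):
    """Return {interface: {protocol: [peer prefixes]}} for the MPP block."""
    rules, in_mpp, iface, proto = {}, False, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "management-plane":
            in_mpp = True
        elif in_mpp and not raw.startswith(" "):
            in_mpp = False  # back at top level, so the MPP block is over
        elif in_mpp and (m := re.match(r"interface (\S+)$", line)):
            iface, proto = m.group(1), None
            rules[iface] = {}
        elif in_mpp and iface and (m := re.match(r"allow (\S+)( peer)?$", line)):
            proto = m.group(1)
            rules[iface][proto] = []  # stays empty if no peer address follows
        elif in_mpp and proto and (m := re.match(r"address ipv[46] (\S+)$", line)):
            rules[iface][proto].append(m.group(1))
    return rules

def audit(config):
    """Flag cleartext Telnet and MPP rules that do not restrict the peer."""
    findings = []
    if re.search(r"^telnet (vrf \S+ )?ipv[46] server", config, re.M):
        findings.append("telnet server enabled (cleartext)")
    if not (rules := parse_mpp(config)):
        findings.append("no management-plane protection configured")
    for iface, protos in rules.items():
        findings += [f"{iface}: {p} allowed from any peer" for p, peers in protos.items() if not peers]
    return findings
```

Run audit() on the output of "show running-config" saved to a file. Interfaces are keyed by name only, so inband and out-of-band entries for the same interface are not distinguished.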

And now to test, from a device on network:
nX: ssh admin@
admin@’s password:

There you go, SSH access from only the subnet
And when the session comes close to the idle-timeout expiry, you will get a message:
* The idle timeout is soon to expire on this line

Received disconnect from 11: