September 2009

Enabling SSH on Cisco Devices

Firstly, why enable SSH? By default, all Cisco devices will use telnet for network access (once a password has been configured.) Telnet is a cleartext protocol, all credentials are passed in clear text and can easily be ‘snooped.’ SSH is an encrypted protocol, therefore usenames and passwords cannot be snooped. Please note that SSH support requires an IPSEC (3DES/DES) IOS image to be installed on your Cisco device.

Step 1: Set Hostname and Domain Name for RSA generation:
(config)# hostname 3620-1
(config)# ip domain-name test.local

NOTE: Replace 3620-1 with the hostname of your router, and test.local with the correct domain name for your environment.

Step 2: Generate the RSA key pair for your routerand enable SSH support using the following commands:
(config)# crypto key generate rsa

Step 3: Set vty protocol to allow SSH only:
(config)# line vty 0 4
(config-line)# transport input ssh

Step 4: Set an SSH session timeout of 120 seconds:
(config)# ip ssh time-out 120

Step 5: Set the number of authentication attempts before the vty is reset to 3:
(config) ip ssh authentication-retries 3

Step 6: Save your configuration!
# copy run start

Disabling SSH Access

Step 1: Delete the RSA key:
(config)# crypto key zeroise rsa

Step 2: Reset VTY’s to use telnet:
(config)# line vty 0 4
(config-line)# transport input telnet

Step 3: Save your configuration!
# copy run start

Exchange 2007 OWA Access To Other Users Mailboxes

Granting Mailbox Access to Other Users Mailbox via OWA

OWA will does not work with inherited mailbox database/server permissions for other users mailbox access. Permissions must be specifically granted on each mailbox. The Powershell scripts will enable access to users users mailboxes ia OWA for a chosen user or group.

Save the the following powershell script to a bew .ps1 file, modifying the appropriate username/group name as highlighted in red.

# Set-Full Mailbox Permissions on all Mailboxes in Org for EU Mailbox Admins
#
#This is required for OWA mailbox access as OWA does not support inherited permissions on mailboxes
#
Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin -erroraction silentlyContinue
$userAccounts = get-mailbox -resultsize unlimited
ForEach ($user in $userAccounts)
{
add-MailboxPermission -identity $user -user “Exchange Mailbox Admins” -AccessRights FullAccess
}

Alternately you can grant access to all mailboxes from OWA for a single Mailbopx Database using the following script, change the mailbox database path as applicable for your environment:

# Set-Full Mailbox Permissions on all Mailboxes in Org for EU Mailbox Admins
#
#This is required for OWA mailbox access as OWA does not support inherited permissions on mailboxes
#

Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin -erroraction silentlyContinue
$userAccounts = get-mailbox -resultsize unlimited -Database “MYSERVER\SG2\Mailbox Database“
ForEach ($user in $userAccounts)
{
add-MailboxPermission -identity $user -user “Exchange Mailbox Admins” -AccessRights FullAccess
}