
Nov 7, 2009

Configuring SSH

Traditionally, remote administrative access on routers was configured using Telnet on TCP port 23. However, Telnet was developed in the days when security was not an issue. For this reason, all Telnet traffic is forwarded in plain text. SSH has replaced Telnet as the best practice for providing remote router administration with connections that support strong privacy and session integrity. SSH uses TCP port 22. It provides functionality that is similar to that of an outbound Telnet connection, except that the connection is encrypted. With authentication and encryption, SSH allows for secure communications over an insecure network. In this lab, four routers are interconnected in a hub-and-spoke Frame Relay configuration. Router R1 is the hub, and routers R2, R3, and R4 are the spokes. Dynamic routing has been configured using multiarea OSPF.


Task 1: View the Default Configuration.

Step 1. Verify the Frame Relay configuration on the routers.
a. On all four routers, enter user EXEC mode with the password cisco.

b. Enter privileged EXEC mode with the password cisco.

c. From privileged EXEC mode on all four routers, issue the show frame-relay map command to verify Frame Relay connectivity.

Step 2. Verify the routing tables.

From privileged EXEC mode on all four routers, issue the show ip route command to verify that all network segments are being advertised.

Step 3. Verify connectivity between routers.

a. From R1, ping all LAN interfaces to verify connectivity.

b. Again from router R1, Telnet to R2 using its LAN interface IP address. Exit and repeat the step for routers R3 and R4. Ping other PCs on the same network.


Task 2: Configure SSH on the Hub Router (R1).

Step 1. Enable and configure SSH on R1.

To enable SSH on the router, the following parameters must be configured:
- Hostname
- Domain name
- Asymmetrical keys
- Local authentication

a. The hostname on R1 is pre-configured. Therefore, configure the domain name cisco.com using the ip domain-name domain-name command.

b. The asymmetrical RSA keys must be generated on R1 using the crypto key generate rsa command. When prompted for a modulus size, specify a modulus of 1024 bits.

c. SSH will prompt for a username and password combination when enabled. Therefore, a local username database entry must be configured using the username name password password command. Create a local account for the user admin and password cisco.

d. Configure the SSH version using the ip ssh version command. In this lab, configure the routers to use version 2.

e. Next, disable Telnet and allow only SSH on the VTY lines. To do so, enter the following commands on R1.

R1(config)# line vty 0 4
R1(config-line)# no transport input all
R1(config-line)# transport input ssh
R1(config-line)# login local
R1(config-line)# end

f. Save the configuration.
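The steps above describe the four prerequisites and the VTY hardening one command at a time. As an added example that is not part of the original lab, the script below audits a saved running-config against exactly that checklist, so the same check can be run over every router's configuration rather than read by eye in Packet Tracer. The two configuration fragments are constructed for the example: R1_CONFIG is what Task 2 should produce on R1, and R2_DEFAULT_CONFIG is a spoke router still in its Telnet-only default state. The RSA key pair is not visible in a text configuration, so the script checks the settings that depend on it rather than the key itself.

```python
import re

# Constructed sample: the running-config fragment Task 2 produces on R1
# (hostname, domain name, local user, SSH version, VTY restricted to SSH).
R1_CONFIG = """\
hostname R1
ip domain-name cisco.com
username admin password cisco
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""

# Constructed sample: a spoke router left in its default, Telnet-only state.
R2_DEFAULT_CONFIG = """\
hostname R2
line vty 0 4
 password cisco
 login
 transport input all
"""


def parse_vty_lines(config):
    """Return {'line vty 0 4': [indented commands, ...]} for each VTY block."""
    vty = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            vty[current] = []
        elif current is not None and raw.startswith(" "):
            vty[current].append(raw.strip())
        else:
            current = None  # any unindented line ends the current vty block
    return vty


def audit_ssh(config):
    """Check a running-config against the Task 2 prerequisites and the VTY
    hardening. Returns a dict mapping each check to True (passes) or False."""
    findings = {
        "hostname set": re.search(r"^hostname\s+\S+", config, re.M) is not None,
        "domain name set": re.search(r"^ip domain-name\s+\S+", config, re.M) is not None,
        # 'username ... secret' stores a hash; 'password' is accepted because
        # it is what the lab uses, but secret is the stronger choice.
        "local user exists": re.search(
            r"^username\s+\S+\s+(password|secret)\s+", config, re.M) is not None,
        "ssh version 2 only": re.search(r"^ip ssh version 2$", config, re.M) is not None,
    }
    vty = parse_vty_lines(config)
    findings["vty lines present"] = bool(vty)
    # Every VTY block must accept only SSH and authenticate against the local database.
    findings["vty transport is ssh only"] = bool(vty) and all(
        "transport input ssh" in cmds for cmds in vty.values())
    findings["vty uses login local"] = bool(vty) and all(
        "login local" in cmds for cmds in vty.values())
    return findings


def failed_checks(config):
    """Names of the checks that fail, sorted, so an empty list means compliant."""
    return sorted(name for name, ok in audit_ssh(config).items() if not ok)


if __name__ == "__main__":
    for name, cfg in (("R1", R1_CONFIG), ("R2", R2_DEFAULT_CONFIG)):
        print(name, "missing:", failed_checks(cfg) or "nothing")
```

Run against R1_CONFIG the audit reports nothing missing; against R2_DEFAULT_CONFIG it reports the domain name, local user, SSH version and both VTY settings, which is the list of steps still to be completed on that spoke. The parser is deliberately limited to what the lab configures; a production audit would also look at the `show crypto key mypubkey rsa` output to confirm the key modulus.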

Step 2. Check results.

Your completion percentage should be 25%. If not, click Check Results to see which required components are not yet completed.

Task 3: Configure SSH on the Spoke Routers R2, R3 and R4.

Step 1. Configure SSH on routers R2, R3, and R4.

Repeat the steps from Task 2 on routers R2, R3 and R4.

Step 2. Check results.

Your completion percentage should be 100%. If not, click Check Results to see which required components are not yet completed.

Task 4: Verify SSH.

Step 1. Verify the SSH configuration.

After configuring SSH on all routers, verify the SSH configuration on R1.

a. Issue the show ip ssh command to verify which version of SSH is configured, and what the default settings are.

R1# sho ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3

b. Next, issue the show ssh command to verify whether any SSH sessions are currently running.

R1#show ssh
%No SSHv2 server connections running.
%No SSHv1 server connections running.

Step 2. Connect to R2.

a. Now Telnet to router R2 in order to issue the show ip ssh command there and verify whether SSH is running.

R1# telnet 10.20.20.1
Trying 10.20.20.1 ...
[Connection to 10.20.20.1 closed by foreign host]

Recall that Telnet was deactivated using the no transport input all command. Only SSH can be used to establish a remote connection.

b. Using R1 as the SSH client, SSH to router R2 using the ssh -l username ip-address command.

R1#ssh -l admin 10.20.20.1

Password:

c. When prompted for a password, enter cisco. You should now be connected to router R2.
