SSH Configuration on Packet Tracer

ssh-config-ipcisco

SSH Config

 

SSH (Secure Shell) is one of the most used protocols in network World. As a secured alternative of Telnet, SSH is always in the life of a network engineer. It helps us to connect our routers, swithces and any other network equipments. Especially because of SSH is more secure, it is always prefered more than Telnet. In this lesson, we will focus on SSH Configuration on Cisco routers with an SSH Config Example.

ssh-config-ipcisco

So, what will be our SSH Config steps? In this example, we will go through the below six  steps one by one:

  1. IP Configs
  2. Password Encryption
  3. Domain Data Encryption
  4. Router User Config
  5. SSH Config
  6. SSH Verification

 

So, let’s start SSH Configuration and see how is the backplane config of our SSH connection on routers.

IP Configs

Firstly, we will configure IP addresses of router interface and the PC. We will use the below IP addresses:

Router fa0/0 Interface

IP : 10.0.0.1

Subnet : 255.255.255.0

 

PC

IP : 10.0.0.2

Subnet : 255.255.255.0

Gateway : 10.0.0.1

 

Router  # configure terminal

Router (config) # interface fa0/0

Router (config-if) # ip address 10.0.0.1 255.255.255.0

Router (config-if) # no shutdown

Password Encryption

In the second step, we will use “service password-encryption” command to encrypt passwords on the routers. This sis a classical command used after password configuration. The main duty of this command is encrypting the clear text passwords. And with this command, passwords are shoed as hashed in the router config file.

Router (config) # service password-encryption

Domain Data Encryption

 

In this step, we will set the domain name. Our domain name will be SSHabc. And after that, we will encrypt the data in it with “crypto key generate rsa” command.

During this configuration we will set the modüle sizes. So we will use 512 here.

Router (config) # ip domain-name SSHabc

Router (config)# crypto key generate rsa

Router User Config

 

This step is the classical user definion on the router. We will do it with username, password and the priviledge level. Our user is Gokhan, password is abc123 and the priviledge mode is 15.

Router (config) # username gokhan privilege 15 password abc123

We will use this username and password for  SSH connection.

 

SSH Config

 

The main configuration step of this SSH Config lesson is this step. Here, we will do the SSH configuration in line mode.

Firstly, we will go to line mode and configure the ssh for 17 users from 0 to 16. And then we will use “transport input ssh”. This command will allow only SSH access. Telnet accesses will be rejected.

Then, we will set the login as local with “login local” command. With this command, we can use local router users to ssh access.

After that , we will configure the the version of SSH. There are two SSH versions, SSH version 1 and SSH version 2. The second one provide more enhanced security agorithm. Here, we will use SSH version 2. Ton configure it, we will use “ip ssh version 2” command.

Lastly, we will save our SSH Configuration.

Router (config) # line vty 0 16

Router (config-line) # transport input ssh

Router (config-line) # login local

Router (config-line) # ip ssh version 2

Router (config-line) # end

Router # write

Back to: CCNA > Basic Security and Port Security

Leave a Reply

Your email address will not be published. Required fields are marked *




CCNA