The importance of SSH is paramount. Telnet is sent clear text and is unencrypted . It has now become near one of the first things I do along side configuring passwords and hostnames.
Today, We will do setup SSH connectivity.
For todays walk through, I have set up a PC connected to a router via Fa0/0. I have a console cable from the same laptop into the router.
The Config
First of all we will start and configure some of the base requirements.
Configuration of the host name. Cannot be Router. We also configure the ip domain-name in this step. We do this because the two are used in generation of the RSA key used with SSH.
Here we generate the RSA key. This step you need to pay attention to. 767 bit modulus and below will result in SSHv1.
768 bit modulus and higher will result in SSHv2. It is important to use SSH2. Beware that on older routers and non ISR devices, this process can take a little time.
Above you can see SSHv2 has been enabled. I have also set a time out on the SSH session and set 2 attempts. This means if credentials are entered wrong more than twice in a row, the person is kicked out. It is also possible to set an ACL that will block that IP for a set amount of time. That is using a timed access list.
This enables aaa and we set a username of fang with clear text input of a password labeled fang. When you SSH into a device you require a username and the password and these details here will be required. You can use radius or keep it local. That part is up to you.
Here we have defined that on Terminal line with the transport input command we want to use SSH only. That means telnet connections via interfaces vty 0 – 4 will accept only SSH.
I have also set the enable secret password here. This will be required once we have made an SSH session to reach exec.
Now to test the Host
Here is an attempt to telnet to my router. As you can see, the connection is refused. This is due to the transport input SSH command.
Now lets try SSH…
And look at that. ssh [email protected] command initiates a SSH session. SSH denotes what protocol to use, [email protected] specifies the use the username fang and connect to the IP address which is the interface of Fa0/0.
The enable secret password challenges us when we want to move into privileged mode.
There you have it. SSH2 connectivity.