Net 412 (Practical Part) LAB 4 - SSH Networks and Communication Department LAB 4 - SSH

Enable SSH on Cisco Router Secure Shell or SSH is a secure protocol and the replacement for Telnet and other insecure remote shell protocols. So for secure communication between network devices, always use SSH instead of Telnet. Configure SSH on Cisco routers and switches with the below step by step guide to SSH configuration. Networks and Communication Department

Topology Networks and Communication Department

Configure PC0 Networks and Communication Department

1. Open the router R1 console line and create IP , domain and user name. Router>en Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#int f0/0 Router(config-if)#no shut Router(config-if)#ip add 192.168.1.1 255.255.255.0 Router(config-if)#exit Networks and Communication Department

1. Open the router R1 console line and create IP , domain and user name. R1(config)#ip domain-name pnu.com R1(config)#username Norah Password pass123 // The “ip domain-name” command create a domain and names it pnu.com. // The “username Norah Password Pass123” command just creates a user name “Norah” with “Pass123” password. You can use the domain name so you don't have to type the entire IP address.   For example: Imagine you have an ipv6 or ipv4 and you keep forgetting them. However, you have configured a domain name. You can use that domain name to SSH. Imagine if facebook or google don't have domain names. Everyone has to type the IP address of their network/server to go to their website. That's the use of the domain name. You can also use the domain name if you forgot or just don't like the hastle of typing the ip address. Networks and Communication Department

2. Generating the encryption keys for securing the ssh session: R1(config)#crypto key generate rsa  % Please define a hostname other than Router. Router(config)#hostname SSH SSH(config)#crypto key generate rsa % The name for the keys will be: SSH.pnu.com % Choose the size of the key modulus in the range of 360 to 2048 for your % General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non- exportable…[OK] Type “crypto key generate rsa” command and press enter, when ask you “How many bits in the modulus [512]:” just type “1024″ and press enter. The system will generate 1024 bits keys to secure session lines. Networks and Communication Department

3.Enable vty lines and configure access protocols. R1(config)#line vty 0 4 R1(config-line)#transport input ssh R1(config-line)#password pass123 R1(config-line)#login R1(config-line)#logging synchronous R1(config-line)#motd-banner R1(config-line)#exit Router(config)#enable password pass123 Router(config)#exit // The configuration is the same as telnet, just the transport input ssh command change the line to Secure Shell. Configuration has completed, next you must test ssh from a client PC. Networks and Communication Department

Testing SSH Connectivity From a client PC, open the command line and type PC>ssh -l Norah 192.168.1.1 Open Password: R1>enable  Password:  R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)# Networks and Communication Department

Test PC0 Networks and Communication Department

The End Any Questions ? Networks and Communication Department