Packet Tracer – Configuring SSH
(Instructor Version)
Instructor Note: Purple font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Objectives
Part 1: Secure Passwords
Part 2: Encrypt Communications
Part 3: Verify SSH Implementation
Background
SSH should replace Telnet for management connections. Telnet uses insecure plain text communications. SSH provides security for remote connections by providing strong encryption of all transmitted data between devices. In this activity, you will secure a remote switch with password encryption and SSH.
Part 1: Secure Passwords
a. Using the command prompt on PC1, Telnet to S1. The user EXEC and privileged EXEC password is cisco.
Packet Tracer PC Command Line 1.0
PC>telnet 10.10.10.2
Trying 10.10.10.2 …Open
User Access Verification
Password:
S1>en
Password:
S1#
b. Save the current configuration so that any mistakes you might make can be reversed by toggling the power for S1.
S1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
c. Show the current configuration and note that the passwords are in plain text. Enter the command that encrypts plain text passwords.
S1#show running-config
……..
hostname S1
!
enable password cisco
!
line con 0
!
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
S1#conf ter
S1(config)#service password-encryption
d. Verify that the passwords are encrypted.
S1#show running-config
Building configuration…
!
hostname S1
!
enable password 7 0822455D0A16
!
line con 0
!
line vty 0 4
password 7 0822455D0A16
login
line vty 5 15
password 7 0822455D0A16
login
Part 2: Encrypt Communications
Step 1: Set the IP domain name and generate secure keys.
It is generally not safe to use Telnet, because data is transferred in plain text. Therefore, use SSH whenever it is available.
a. Configure the domain name to be netacad.pka.
S1(config)#ip domain-name netacad.pka
b. Secure keys are needed to encrypt the data. Generate the RSA keys using a 1024 key length.
S1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
Step 2: Create an SSH user and reconfigure the VTY lines for SSH-only access.
a. Create an administrator user with cisco as the secret password.
S1(config)#username administrator secret cisco
b. Configure the VTY lines to check the local username database for login credentials and to only allow SSH for remote access. Remove the existing vty line password.
S1(config)#line vty 0 15
S1(config-line)#login local
S1(config-line)#transport input ssh
S1(config-line)#no password cisco
Part 3: Verify SSH Implementation
a. Log out of the Telnet session and attempt to log back in using Telnet. The attempt should fail.
PC>telnet 10.10.10.2
Trying 10.10.10.2 …Open
[Connection to 10.10.10.2 closed by foreign host]
b. Attempt to log in using SSH. Type ssh and press Enter without any parameters to reveal the command usage instructions. Hint: The -l option is the letter “L”, not the number 1.
c. Upon successful login, enter privileged EXEC mode and save the configuration. If you were unable to successfully access S1, toggle the power and begin again at Part 1.
PC>ssh -l administrator 10.10.10.2
Open
Password:Password:
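An offline check of the end state this lab aims for, as an added example that is not part of the original lab: the Python function below scans an IOS-style running-config for stored plain-text or type 7 passwords (type 7 is a reversible encoding, not a hash), use of enable password instead of enable secret, and VTY lines that are not SSH-only with local-user login. The sample config, the finding names and the <hash> placeholder are constructed for illustration; the parser assumes each line block runs until the next line header.

```python
import re

# Constructed sample: S1 after the lab, but with "line vty 5 15" missed
# (someone typed "line vty 0 4" instead of "line vty 0 15").
# "<hash>" is a placeholder, not real device output.
SAMPLE = """\
hostname S1
enable password 7 0822455D0A16
username administrator secret 5 <hash>
ip domain-name netacad.pka
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password 7 0822455D0A16
 login
"""

def audit(config):
    """Return sorted (section, finding) pairs for an IOS-style running-config."""
    findings, section, vty = set(), "global", {}
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line.startswith("!"):
            continue
        if line.startswith("line "):          # a new line block begins
            section = line
            if line.startswith("line vty"):
                vty[section] = set()
            continue
        if section in vty:                    # remember VTY subcommands
            vty[section].add(line)
        m = re.match(r"(enable )?password (?:(\d) )?\S+$", line)
        if m:
            if m.group(1):                    # enable secret stores a hash instead
                findings.add((section, "enable-password"))
            kind = {None: "plaintext", "0": "plaintext", "7": "type7"}.get(m.group(2))
            if kind:
                findings.add((section, "password-" + kind))
    for name, cmds in vty.items():
        if "transport input ssh" not in cmds: # Telnet may still be accepted
            findings.add((name, "vty-not-ssh-only"))
        if "login local" not in cmds:         # not using the username database
            findings.add((name, "vty-login-not-local"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

Run against the configuration shown in Part 1, step c, it reports the plain-text passwords and both VTY ranges; a switch that completed Part 2 exactly as written still reports the type 7 enable password, because the lab never replaces it with enable secret.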
–> Use Cisco Packet Tracer 6.3
Download 2.2.1.4 Packet Tracer – Configuring SSH Instructions.pdf