Monday, 29 August 2016

Configure SSH access on a CISCO Router

Configure SSH access on a CISCO Router


There is only a way to access a cisco device physically is Console access ( of course we have USB now). But what if we have the Router or Switch in a remote location? 

We have to use Telnet to access the Router but Telnet is not a secure way of communication as the Username and Password transmit plane text format, Which is easy to capture the credentials. So we have to have a secure way of accessing the remote devices. This is where SSH comes in. SSH is a secure way of remote access with RSA encryption. Lets see how we can do configure SSH on a CISCO device

Login to the Router using console or Telnet and configure the following 

first we need to Configure the Basic configurations. 

1.Set hostname and domain-name
   Router>Enable
   Router#configure Terminal
   Router(Config)#hostname lab5
   Lab5(config)#ip domain-name lab5.com
   Lab5(config)#enable secret cisco123
   Lab5(config)#username XXXX privilege 15 secret XXXX

Now we have to configure RSA , if we use version 2 then we have to use 512 or above bits of encryption.

2.Generate the RSA Keys
   Router(config)#crypto key generate rsa
The name for the keys will be: lab5.com
 Choose the size of the key modulus in the range of 360 to 2048 for your
   General Purpose Keys. Choosing a key modulus greater than 512 may take
   a few minutes.

How many bits in the modulus [512]: 1024
 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

3.Next setup VTY line 

Lab5(config)#line vty 0 4
Lab5(config-line)#login local
Lab5(config-line)#transport input ssh

4. Setup IP

Lab5(Config)# int g0/1
Lab5(Config-if)#ip add 192.168.100.1 255.255.255.0
Lab5(Config-if)#no shutdown


Thats all , Use the Putty or CMD to connect your Router

In CMD use SSH  -l Username IPaddress

No comments:

Http vs Https