Copyright (c) 2008 Don R. Crawley
Prior to the introduction of SSH in the Cisco IOS, the only remote login protocol was Telnet. Although quite functional, Telnet is a non-secure protocol in which the entire session, including authentication, is in clear text and thus subject to snooping.
SSH is both a protocol and an application that replaces Telnet and provides an encrypted connection for remote administration of a Cisco network device such as a router, switch, or security appliance.
The Cisco IOS includes both an SSH server and an SSH client. This document is concerned only with the configuration of the SSH server component.
Prerequisites
Software
The SSH server component requires that you have an IPSec (DES or 3DES) encryption software image from Cisco IOS Release 12.1(1)T or later installed on your router. Advanced IP services images include the IPSec component. This document was written using c2800nm-advipservicesk9-mz.123-14.T5.bin.
Pre-configuration
You must configure a hostname and a domain name on your router. For example:
router#
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#hostname router01
router01(config)#ip domain-name soundtraining.net
You must also generate an RSA keypair for your router, which automatically enables SSH. In the following example, note how the keypair is named for the combination of hostname and domain name that were previously configured. The modulus represents the key length. Cisco recommends a minimum key length of 1024 bits (even though the default key length is 512 bits):
router01(config)#
router01(config)#crypto key generate rsa
The name for the keys will be: router01.soundtraining.net
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]
Finally, you must either use an AAA server such as a RADIUS or TACACS+ server or create a local user database to authenticate remote users, and enable authentication on the terminal lines. For the purpose of this document, we’ll create a local user database on the router. In the following example, the user “donc” was created with a privilege level of 15 (the maximum allowed) and given the password “p@ss5678”, which the router stores in hashed form. (The keyword “secret” followed by “0” tells the router that the password that follows is plaintext and must be hashed before it is stored; in the router’s running configuration, the password is not human readable.) We also used line configuration mode to tell the router to use its local user database for authentication (login local) on virtual terminal (VTY) lines 0-4.
router01(config)#username donc privilege 15 secret 0 p@ss5678
router01(config)#line vty 0 4
router01(config-line)#login local
Enabling SSH
To enable SSH, you must tell the router which keypair to use. Optionally, you can configure the SSH version (it defaults to SSH version 1), authentication timeout values, and several other parameters. In the following example, we told the router to use the previously created keypair and to use SSH version 2:
router01(config)#
router01(config)#ip ssh version 2
router01(config)#ip ssh rsa keypair-name router01.soundtraining.net
You can now log on to your router securely using an SSH client such as TeraTerm.
Viewing SSH Configurations and Connections
You can use the privileged mode commands “show ssh” and “show ip ssh” to view SSH configurations and connections (if any). In the following example, the SSHv1 configuration from a Cisco 871 router is verified using “show ip ssh” and a single SSHv1 connection is displayed using the command “show ssh”. Notice that we did not enable SSHv2 on this router, so it defaulted to SSH version 1.99, which means the server accepts both SSHv1 and SSHv2 clients. Also note in the output of the “show ssh” command that SSH version 1 defaults to 3DES. SSHv2 supports AES, a more robust and efficient encryption technology. SSHv2 is also not subject to the same security exploits as SSHv1. soundtraining.net recommends the use of SSHv2 and disabling a dropback to SSHv1. Enabling SSHv2 disables SSHv1. This example is included only to demonstrate backwards compatibility:
router04#
router04#show ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
router04#
router04#show ssh
Connection Version Encryption  State            Username
2          1.5     3DES        Session started  donc
%No SSHv2 server connections running.
router04#
You can also use the command “debug ip ssh” to troubleshoot SSH configurations.
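The checks described in this document can be automated against a saved running configuration and the output of “show ip ssh”. The script below is an added example, not part of the original article or of any Cisco tool; it assumes local-database authentication as configured above, its function and variable names are hypothetical, the sample input is constructed, and the “transport input ssh” check (which restricts the VTY lines to SSH so that Telnet is refused) goes beyond what the article configures.

```python
import re

# Matches a "line vty" header plus its indented sub-commands in a running-config.
VTY = re.compile(r"^(line vty .*)$((?:\n .*)*)", re.M)

def audit_ssh(config, show_ip_ssh):
    """Return a list of findings for the SSH settings this article configures."""
    findings = []
    if not re.search(r"^hostname \S+", config, re.M):
        findings.append("no hostname configured")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no domain name configured")
    if not re.search(r"^ip ssh version 2\b", config, re.M):
        findings.append("'ip ssh version 2' missing: SSHv1 fallback possible")
    for user in re.findall(r"^username (\S+) .*\bpassword\b", config, re.M):
        findings.append(f"user {user}: 'password' used instead of 'secret'")
    for header, body in VTY.findall(config):
        cmds = [c.strip() for c in body.splitlines()]
        if "login local" not in cmds:
            findings.append(f"{header}: 'login local' missing")
        # Beyond the article: restricts the VTY lines to SSH so Telnet is refused.
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: no 'transport input ssh'")
    # The separator after "Enabled" may be a hyphen or a typographic dash.
    m = re.search(r"SSH Enabled\s*\S\s*version\s*([\d.]+)", show_ip_ssh)
    if not m:
        findings.append("SSH server not reported as enabled")
    elif m.group(1) != "2.0":
        findings.append(f"server reports version {m.group(1)}: SSHv1 accepted")
    return findings

# Constructed sample input, modelled on router04 above (hash is a placeholder).
WEAK_CONFIG = """hostname router04
ip domain-name soundtraining.net
username donc privilege 15 secret 5 $1$PLACEHOLDER
line vty 0 4
 login local
end
"""
WEAK_SHOW = "SSH Enabled - version 1.99\nAuthentication timeout: 120 secs"
# The same router after applying 'ip ssh version 2' and restricting the VTY lines.
HARDENED_CONFIG = WEAK_CONFIG.replace(
    "line vty", "ip ssh version 2\nline vty").replace(
    " login local", " login local\n transport input ssh")
HARDENED_SHOW = WEAK_SHOW.replace("1.99", "2.0")

if __name__ == "__main__":
    for finding in audit_ssh(WEAK_CONFIG, WEAK_SHOW):
        print("FINDING:", finding)
    print("hardened:", audit_ssh(HARDENED_CONFIG, HARDENED_SHOW) or "no findings")
```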
Posts Tagged ‘Router Switch’
How to Configure Ssh (secure Shell) for Remote Login on a Cisco Router
January 21st, 2010
D-Link 4-Port Wireless-G 108Mbps Router
November 19th, 2009
- Create a faster wireless network to share your high-speed broadband Internet connection
- Protect your family and personal information from intruders with Active Firewall and easy-to-use Wireless Security features
- High-speed wireless networking for sharing files, music, photos, and printers
- High-Speed Wireless Networking for Sharing Files, Music, and Photos
- Easy to install and use
Product Description: RangeBooster G Wireless Router, 4-Port Switch, 802.11g, 108Mbps...
All About Wireless Routers
November 13th, 2009
This is an incomplete computer network without a router. This way, everything they are not on a network. A router actually transfers data packets over networks. It will combine at least two networks for a router, it usually connects two LANs or WANs or a LAN and ISP network. When a connecting device are on the gateway router, there are two or more networks connected with those positions.
Routing in the Internet
Routing is the technique with which to receive data transmission path from one server to another. In other words, technically, used routers in headers and tables to be the best way to determine transmitted data packets between networks, and use them for these protocols such as ICMP to communicate with each other and configure the and the best route between two computers.
Difference between routers, switches and hubs
Many people include routers, switches and hubs for the other side of its other standard features.
Today, most routers in one device that integrates the features of a router, switch and hub. Another router, switch and hub are all very different from each other, even after the integration of all in one device.
A switch and hub are two devices that are not comparable functions in a network. Serves both as a central component of the network and the transmission of data, which are known as frames. An image is transferred from one computer to receive and enhanced to provide the port on the target computer. The difference between these two devices is the way to be transmitted through the images.
On the other hand, the device has completely different from a switch or hub. When a hub or switch jobs to transfer images to the role of a router is to route packets to other networks when its job is to transmit the data packet to its final destination. The big difference with the data packet is that it contains the destination address data, which leads to its destination.
All routers have a port to connect to a DSL or cable modem and switch integrated to facilitate users to create a local network. This makes it possible for computers on a LAN to connect to the Internet.
How does a Wireless Router Work
A router is connected to the broadband modem, and in turn is connected to the computer is connected to the Internet. There are wide range of wireless routers available on the market. In the category of wireless routers, the speed of data transmission, they are not really in competition with each other.
Data transmission speed is important and needs to be high. People who want to have a router, it should install easily. The range of OS support to be versatile. A wireless router works fine with Windows, Mac and Linux should be the best of all.
When setting up your wireless router. . .
Once you have decided to go for your wireless internet, laptop / PC should be wireless at the time they wear it around the workplace or at home, without a LAN cable. It is work surprisingly well.
But you also need a little background to know to set it up. In general, many wireless router provides Router, modem, firewall, port switch and wireless access point. It makes your broadband easily shared among others in your office or home.
During the installation, to respect, which jack on your router is to connect the port to the wall well. A bad connection can cause hours of temporary access consume a loss to resolve. To make sure the cable that you connect to the game properly.
Setting up a LAN router should be relatively easy, simply by the instructions manual with the router, as a result. However, installing a wireless router, it should be a little more difficult. In general, you should follow the instructions adequate, but the review found that some tips for setting up a wireless router, you will do so safely.
Cisco Routers for the Desperate: Router and Switch Management, the Easy Way
November 9th, 2009
- ISBN13: 9781593271930
- Condition: NEW
- Notes: Brand New from Publisher. No Remainder Mark.
Product Description Cisco routers and switches are the cornerstones of many networks. But when things break intimidate, repairs may include the responsible administrator. Fortunately, just know that "emergency" Basics will take you far. Like the original, this second edition of the acclaimed Cisco routers for the desperate "stands for the director in crisis mode. Updated to cover the latest Cisco switches and terminology, with a more detailed definition of requirements. . . More>>
AP+4 802.11B/G ACCESS POINT BRIDGE REPEATER ROUTER 4PORT SWITCH
July 4th, 2009
Product Description
The Zoom model 4401 provides a range of local area networking functions including 1). Access Point to link all wireless-enabled computers and other devices to a network 2). Broadband Router to give the devices on a network shared access to a broadband Internet connection 3). 4-port Switch has 4 Ethernet ports for connecting computers and other devices to a network; 4). Repeater extends the range of wireless networks and 5). Ethernet to Wi-Fi Bridge plugs into the (more…)