Telnet was the protocol which network administrators used for accessing the CLI console of a server or a network device remotely. Telnet is an insecure protocol for remote server configuration. SSH replaced telnet, and SSH is much more secure than telnet. SSH supports authentication, confidentiality and integrity for remote administration.

Telnet is used only as a network testing tool, like ping or netstat, these days. Network administrators must disable telnet and use only SSH wherever possible.

SSH (Secure Shell) is a protocol which defines how to connect securely over a network. The SSH protocol provides the three main ideas of security: authentication, confidentiality (via encryption) and integrity of data transfer over a network. SSH supports authentication to reliably determine the identity of the connecting computer, encryption to scramble data so that only the intended recipient can read it, and integrity to guarantee that the data sent over the network is not changed by a third party.

SSH has two main versions, SSH1 and SSH2. Both SSH1 and SSH2 support secure connections over a network, but SSH2 supports public key certificates and Diffie-Hellman key exchange. SSH uses TCP as its transport layer protocol and uses well-known port number 22.

How to configure SSH (Secure Shell) in Cisco Router or Switch for secure remote access

Step 1: The first step in configuring SSH to securely access the CLI of a Cisco Router or Switch remotely is to create a local user database for user authentication. Follow these steps to create a local user with username "jajish", password "OmniSecuPass" and privilege level 15.

OmniSecuR1(config)#username jajish privilege 15 secret OmniSecuPass

Step 2: Cisco devices use the RSA public key encryption algorithm for SSH connectivity. Before generating RSA encryption keys, you must change the default hostname of the Cisco Router or Switch. The default device name of a Cisco Router is "Router" and the default device name of a Cisco Switch is "Switch". You must also configure a domain name before generating RSA keys.

Follow these Cisco IOS CLI commands to configure a hostname, a domain name and to generate RSA keys of 1024 bit length.

OmniSecuR1(config)#crypto key generate rsa general-keys
The name for the keys will be:
Choose the size of the key modulus in the range of 360 to 2048 for your
Choosing a key modulus greater than 512 may take
% Generating 1024 bit RSA keys, keys will be non-exportable.

After generating the RSA keys, the Cisco Router/Switch will automatically enable SSH 1.99. SSH 1.99 shows that the Cisco device supports both SSH 2 and SSH 1. SSH 1.99 is not a version, but an indication of backward compatibility.

Step 3: The next important step is to configure the router/switch to use the local user database for authentication and to disable telnet. Follow these steps to instruct the Cisco Router or Switch to use the local user database for SSH authentication and to disable telnet access to the Cisco Router or Switch. Disabling telnet prevents someone from accidentally connecting to a Cisco Router or Switch using telnet and causing a security issue.

OmniSecuR1(config-line)#transport input ssh

Step 4: To connect to a Cisco Router or Cisco Switch using SSH from a Windows workstation, you must use an SSH client tool (an SSH client utility is not packed with Windows Operating Systems up to Windows 7). Follow the link to download PuTTY, one of the best terminal emulator software available for free. Open PuTTY and enter the IP address of the Cisco Router or Cisco Switch which you want to connect to. Select SSH as the desired protocol.

Step 5: If this is the first time you are connecting to the Cisco Router or Cisco Switch, you will get a warning message stating that the Router's/Switch's host key is not cached locally. Accept the warning message and click "Yes" to connect to the Cisco Router or Switch.

Step 6: Enter the userid (jajish) and the corresponding password which we configured in the Cisco Router/Switch before, and hit "Enter".

Step 7: Now you are connected to the Cisco Router or Switch using the SSH protocol. You can now start configuring the Cisco Router/Switch securely from a remote location.
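
As an added example (not part of the original tutorial), the following Python script audits a saved running-config against the steps above: a local user created with "secret", a non-default hostname, a domain name, and vty lines limited to "transport input ssh" with "login local". The two sample configs are constructed, and the "ip ssh version 2" check is an assumption that goes one step beyond the page, following from its note that SSH 1.99 still accepts SSH 1.

```python
import re

# Constructed running-config excerpts for illustration (not from a real device).
HARDENED = """hostname OmniSecuR1
ip domain-name example.com
username jajish privilege 15 secret 5 $1$constructed$hash
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""
WEAK = """hostname Router
username admin password 0 cisco
line vty 0 4
 login
 transport input telnet ssh
line vty 5 15
 login local
"""

def vty_blocks(config):
    """Yield (header, sub-commands) for each 'line vty' section."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith(" "):      # indented: sub-command of the current section
            body.append(line.strip())
            continue
        if header:                    # a top-level command closes an open vty section
            yield header, body
        header, body = (line.strip() if line.startswith("line vty") else None), []
    if header:
        yield header, body

def audit(config):
    findings = []                     # empty list means every check passed
    if not re.search(r"^username \S+ .*\bsecret\b", config, re.M):
        findings.append("no local user defined with 'secret'")
    host = re.search(r"^hostname (\S+)", config, re.M)
    if not host or host.group(1) in ("Router", "Switch"):
        findings.append("hostname is missing or still the default")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no domain name configured")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("'ip ssh version 2' not set: SSH 1.99 also accepts SSH 1")
    for header, body in vty_blocks(config):
        if [c for c in body if c.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{header}: 'transport input ssh' is not the only transport")
        if "login local" not in body:
            findings.append(f"{header}: not using the local user database")
    return findings
```

Calling audit(HARDENED) returns an empty list, while audit(WEAK) reports each missing step, including the second vty range that was left without a transport restriction.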