Enable SSH on a Cisco router: a detailed SSH configuration lab

Posted: 27 May 2018 in CCNA, Uncategorized

Today I am going to discuss SSH configuration and the SSH configuration options on routers in a little more detail. Using Cisco Packet Tracer, I will show you not only how to configure SSH on a Cisco router but also how to configure the other SSH settings on the router properly. Before we go ahead, I would like to brief you on the steps I will follow in this lab.

Even if you have only basic knowledge of networking, you can easily follow this lab and configure SSH, with all the other settings, on any router.

 

1. Configure the router interface, assign an IP address and gateway IP on the PC, and then verify communication using the ping command.

2. Configure a hostname and domain name for the router.

3. Configure the RSA key.

4. Enable SSH v2.

5. Configure the other settings for SSH.

6. Create a user account and password for SSH with higher privilege.

7. Configure the VTY lines for SSH.

8. Check the SSH connection from the remote PC.

9. Check the SSH version and other settings.

10. Check the public key you created.

[Figure: ssh configuration lab topology diagram]

 

Now let's go through the steps one by one, as listed above:

First we will assign IP addresses on the PC and the router interface as shown in the topology diagram above.
At the same time we can configure the hostname and domain name.

 

Router>enable

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname cisco

cisco(config)#ip domain-name ccna.com

cisco(config)#int fa0/0

cisco(config-if)#ip add 1.0.0.1 255.0.0.0

cisco(config-if)#no shut

 

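Generate a 1024-bit RSA key on the Cisco router. The prompt accepts a modulus of up to 2048 bits; 1024 is used here for the lab, and a larger modulus is the better choice outside a lab: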

 

cisco(config)#crypto key generate rsa

The name for the keys will be: cisco.ccna.com

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes.

How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

 

Enable SSH version 2 on the Cisco router:

 

cisco(config)#ip ssh version 2

*Mar 1 0:3:26.375: %SSH-5-ENABLED: SSH 1.99 has been enabled

cisco(config)#

 

Limit the number of login attempts for security reasons.
Also configure the SSH time-out.

 

cisco(config)#ip ssh authentication-retries 3

cisco(config)#ip ssh time-out 60

 

Configure a username with an encrypted (hashed) password by using the secret keyword, as with enable secret.

Here the password is linux123.

 

cisco(config)#username admin privilege 15 secret linux123

 

Configure VTY Line for SSH

 

cisco(config)#line vty 0 4

cisco(config-line)#transport input ?

all All protocols

none No protocols

ssh TCP/IP SSH protocol

telnet TCP/IP Telnet protocol

cisco(config-line)#transport input ssh

cisco(config-line)#privilege level 15

cisco(config-line)#login local


As you can see above, we have selected ssh as the input transport, so Telnet and every other protocol is now disabled on these lines.

 

 

 

Now it's time to go to the PC and check its IP address:

 

Packet Tracer PC Command Line 1.0

PC>ipconfig

FastEthernet0 Connection:(default port)

Link-local IPv6 Address.........: FE80::205:5EFF:FECE:2619

IP Address......................: 1.0.0.2

Subnet Mask.....................: 255.0.0.0

Default Gateway.................: 1.0.0.1

 

 

Now test the SSH connection from the PC to the router:

 

PC>ssh -l admin 1.0.0.1

Open

Password:

cisco#

Time to cross-check the SSH version and the other settings we have configured.

 

cisco#show ip ssh

SSH Enabled - version 2.0

Authentication timeout: 60 secs; Authentication retries: 3
Time to check the public key that was generated:


cisco#show crypto key mypubkey rsa

% Key pair was generated at: 0:3:12 UTC Mar 1 1993

Key name: cisco.ccna.com

Storage Device: not specified

Usage: General Purpose Key

Key is not exportable.

Key Data:

00003cc5 00006575 00007e8d 0000173b 00000900 00000937 00002d2d 000023ed

00006671 00007e88 00005b89 00004824 00005d2c 00001c80 00007672 0000273e

000005a1 00005217 00004808 00005daa 00005a15 000001d2 000074cf 59aa

% Key pair was generated at: 0:3:12 UTC Mar 1 1993

Key name: cisco.ccna.com.server

Temporary key

Usage: Encryption Key

Key is not exportable.

Key Data:

00003c53 000040a2 00004f06 00003156 0000039e 00007c09 00007434 000019e5

000026eb 00004b7e 00006903 00006428 0000574d 00007113 00002751 00002257

00001eb1 00004d55 00005285 00005b10 000056cb 00004a73 0000061f 6d9d

cisco#
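
One way to check saved configuration text for the settings configured in this lab, as an added example that is not part of the original post. The sample config, the `backup` user, the `line vty 5 15` block and the function names are constructed for illustration; the limits of 3 retries and 60 seconds are the lab's own values.

```python
import re

# Constructed sample: this lab's settings plus a hypothetical weak user and vty range.
SAMPLE_CONFIG = """\
ip ssh version 2
ip ssh authentication-retries 3
ip ssh time-out 60
username admin privilege 15 secret 5 <hash-placeholder>
username backup password 0 <placeholder>
line vty 0 4
 privilege level 15
 login local
 transport input ssh
line vty 5 15
 login
 transport input all
"""

def parse_vty_blocks(config):
    """Map each 'line vty X Y' header to the sub-commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        elif raw.strip():
            current = None  # any other top-level command ends the block
    return blocks

def audit_ssh(config, max_retries=3, max_timeout=60):
    """Return findings; the limits default to the values used in this lab."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("ip ssh version 2 is not set")
    for key, limit in (("authentication-retries", max_retries), ("time-out", max_timeout)):
        m = re.search(rf"^ip ssh {key} (\d+)\s*$", config, re.M)
        if not m:
            findings.append(f"ip ssh {key} is not set explicitly")
        elif int(m.group(1)) > limit:
            findings.append(f"ip ssh {key} {m.group(1)} exceeds {limit}")
    for m in re.finditer(r"^username (\S+)(?: privilege \d+)? password\b", config, re.M):
        findings.append(f"username {m.group(1)} uses 'password', not 'secret'")
    for name, cmds in parse_vty_blocks(config).items():
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: transport input is not restricted to ssh")
        if "login local" not in cmds:
            findings.append(f"{name}: login local is not set")
    return findings
```

Calling `audit_ssh(SAMPLE_CONFIG)` reports the `backup` user and the unrestricted `line vty 5 15` block, while the lines that match this lab produce no findings.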