Secure Shell (SSH) provides a secure and reliable means of connecting to remote devices. It's an encrypted network protocol that allows users to safely access equipment via command-line interface sessions. SSH uses TCP port 22, which is assigned to secure logins, file transfer and port forwarding.
SSH uses public-key cryptography to authenticate the remote device and encrypts all data between that device and the workstation, which makes it the best choice for public networks. Telnet, by contrast, transmits data in plain text, which exposes it to security threats; Telnet is therefore recommended for private networks only, to keep the data uncompromised.
Before continuing with this lab, make sure you have already completed the basic configuration of your router or switch, such as IP address configuration, gateway setup, and the enable or secret password. If this is already done, follow the steps below:
Step-1: Hostname and Domain-name configuration
Router(config)# hostname LAB
LAB(config)# ip domain-name nazrul.pro
Step-2: Generate the RSA Keys
The router needs RSA keys, which it uses during the SSH process. Generate them with the crypto command as shown below.
LAB(config)# crypto key generate rsa
The name for the keys will be: LAB.nazrul.blog
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus : 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Step-4: Line VTY configurations for SSH
Configure the following parameters on the VTY lines: set the input transport to SSH, the login to local, and the password to 7.
LAB(config)#line vty 0 4
LAB(config-line)# transport input ssh
LAB(config-line)# login local
LAB(config-line)# password 7
LAB(config-line)# exit
Step-5: Add username and password
If you have not created a user yet, create a username and password for SSH.
LAB(config)# username nazrul password sshpassword
Step-6: SSH Verify
To verify SSH on the router, run the show ip ssh command; the router will show whether SSH is enabled or not.
LAB#sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,pass
You can now SSH to the router from a remote host.
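The steps above can be checked offline against a saved running-config. The following Python audit is an added example, not part of the original lab: the function names vty_blocks and audit_ssh are hypothetical, the sample configuration is constructed, and the username "secret" check is a hardening check added here beyond the lab's own steps.

```python
import re

# Constructed running-config: the lab's steps on vty 0 4, vty 5 15 left as-is.
SAMPLE_CONFIG = """\
hostname LAB
ip domain-name nazrul.pro
username nazrul password 0 sshpassword
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to the list of commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^hostname (?!Router$)\S+", config, re.M):
        findings.append("hostname not set; the RSA key name is built from it")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("ip domain-name not set; the RSA key name is built from it")
    if not re.search(r"^username \S+ .*\b(password|secret) ", config, re.M):
        findings.append("no local username; 'login local' has nothing to check")
    # Added hardening check, not one of the lab's steps.
    for user in re.findall(r"^username (\S+) (?:privilege \d+ )?password ", config, re.M):
        findings.append(f"username {user}: 'password' is not stored as a hash; prefer 'secret'")
    blocks = vty_blocks(config)
    if not blocks:
        findings.append("no 'line vty' block found")
    for header, cmds in blocks.items():
        transport = next((c for c in cmds if c.startswith("transport input")), "no transport input")
        if transport != "transport input ssh":
            findings.append(f"{header}: '{transport}' does not limit the line to SSH")
        if "login local" not in cmds:
            findings.append(f"{header}: 'login local' missing")
    return findings
```

Calling audit_ssh(SAMPLE_CONFIG) reports the username stored with "password" and the two gaps on vty 5 15, a range the lab's "line vty 0 4" command does not cover.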