Wednesday, June 11, 2014

SSH should replace Telnet for management connections


Device  Interface  IP Address   Subnet Mask
S1      VLAN 1     10.10.10.2   255.255.255.0
PC1     NIC        10.10.10.10  255.255.255.0

SSH should replace Telnet for management connections. Telnet uses insecure plain text communications. SSH provides security for remote connections by providing strong encryption of all transmitted data between devices. In this activity, you will secure a remote switch with password encryption and SSH.

Because the switch currently accepts Telnet connections, we first connect from PC1 to S1 over Telnet to change the switch configuration from Telnet to SSH access.

From the PC1 command prompt, telnet to the S1 VLAN 1 IP address:

PC>telnet 10.10.10.2
Trying 10.10.10.2 ...Open
User Access Verification
Password:
S1>enable
Password:
S1#

Configure the domain name to nrt.com:

S1#conf t
S1(config)#ip domain-name nrt.com

Secure keys are needed to encrypt the data. Generate the RSA keys using a 1024-bit key length:

S1(config)#crypto key generate rsa
The name for the keys will be: S1.nrt.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Create an SSH user and turn on password encryption, then reconfigure the VTY lines for SSH-only access:

S1(config)#username administrator password sshlogin
S1(config)#service password-encryption

Configure the VTY lines to check the local username database for login credentials and to only allow SSH for remote access. Remove the existing vty line password:

S1(config)#line vty 0 15
S1(config-line)#login local
S1(config-line)#no password
S1(config-line)#transport input ssh

Exit the Telnet session and attempt to log back in using Telnet. The attempt should fail. Then log in using SSH with the command below at the PC1 command prompt (password: sshlogin).

PC>ssh -l administrator 10.10.10.2
Open
Password:
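
To confirm the switch ended up in the state this procedure describes, the following added example (not part of the original post) audits a saved running-config for the settings configured above. The sample config is constructed; it assumes the running-config lists the vty lines as separate 0 4 and 5 15 blocks and leaves the second block weak to show what gets flagged.

```python
# Constructed running-config excerpt (not from the page); second vty block is left weak.
SAMPLE_CONFIG = """\
service password-encryption
ip domain-name nrt.com
username administrator password 7 <placeholder>
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password 7 <placeholder>
 login
 transport input telnet
"""

def vty_blocks(config):
    """Return {header: [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    for prefix in ("service password-encryption", "ip domain-name "):
        if not any(l.startswith(prefix) for l in top):
            findings.append(f"global: {prefix.strip()} missing")
    blocks = vty_blocks(config)
    if not blocks:
        findings.append("no vty lines found")
    for header, cmds in blocks.items():
        if "login local" not in cmds:
            findings.append(f"{header}: login local missing")
        if any(c.startswith("password") for c in cmds):
            findings.append(f"{header}: line password still set")
        transport = [c for c in cmds if c.startswith("transport input")]
        if transport != ["transport input ssh"]:
            findings.append(f"{header}: transport input is not ssh-only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

A vty block with no transport input line at all is also reported, since the check requires an explicit ssh-only setting on every block.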
