How To Configure SSH On A Cisco Device | Secure Connection

KBTrainings
27 Oct 2022 | 09:33

Summary

TL;DR: This tutorial demonstrates how to configure a Cisco switch for remote access via SSH, a method applicable to routers and firewalls as well. It emphasizes the importance of SSH for secure production environments, contrasting it with the less secure telnet. The guide covers creating an enable password, setting up a user account, modifying the hostname, assigning a domain name, generating RSA keys for encryption, and updating SSH to version 2 for enhanced security. The video also addresses network connectivity issues and concludes with a successful SSH session, highlighting the versatility required by engineers to manage various devices.

Takeaways

  • The video is a tutorial on configuring a Cisco switch for remote SSH access, applicable to routers and firewalls as well.
  • SSH is recommended over telnet for production environments due to security reasons, as telnet is not secure and sends data in plain text.
  • The presenter has console access to the device and will use it to configure the necessary settings for SSH connectivity.
  • An enable password is required for accessing the enabled mode during an SSH session for security purposes.
  • A user account named 'incavi trainings' will be created for testing purposes with a password.
  • The hostname of the device needs to be set, which is crucial for creating the encryption keys.
  • An IP domain name 'kbtronix.local' is assigned to the switch for the SSH session.
  • RSA keys are generated for encrypting the SSH session, with a choice between different key lengths.
  • SSH version 2 is selected for its enhanced security over previous versions.
  • The switch's management VLAN is configured with an IP address to ensure network connectivity with the presenter's desktop.
  • Network profiles on the desktop are adjusted from 'public' to 'private' to allow pinging and connectivity from the switch.

Q & A

  • What is the main topic of the video?

    -The video is about configuring a Cisco switch for remote connectivity using SSH.

  • Why is SSH recommended over telnet for production environments?

    -SSH is recommended in production environments because it provides a secure connection, unlike telnet which sends data in plain text and is not secure.

  • What is the purpose of having console access to the device before configuring SSH?

    -Console access allows the initial configuration of the device, such as setting up an IP address, which is necessary for establishing an SSH connection.

  • What is the significance of creating an enable password for SSH sessions?

    -An enable password is required for security reasons to prevent unauthorized access to the enabled mode when connected via SSH.

  • Why is it necessary to create a user for SSH access?

    -Creating a user with a password allows for secure and authenticated access to the device via SSH.

  • What is the role of the hostname in SSH configuration?

    -The hostname is crucial as it is used in creating the key for the SSH session, along with the IP domain name.

  • What is the purpose of assigning an IP domain name to the switch?

    -Assigning an IP domain name helps in identifying the switch uniquely in the network and is used for encryption during the SSH session.

  • What is the command used to create RSA keys on the Cisco switch?

    -The command used to create RSA keys is 'crypto key generate RSA'.

  • Why is SSH version 2 considered more secure than version 1?

    -SSH version 2 offers stronger encryption algorithms and improved security features compared to version 1.

  • What does the 'login local' command do in the context of SSH configuration?

    -The 'login local' command configures the switch to authenticate users locally, using the local user database created on the device.

  • How does the video demonstrate the importance of network profile settings in connectivity?

    -The video shows that the network profile setting needs to be set to 'private' to allow the switch to ping and connect to the computer, which was initially set to 'public' and not accepting connections.

  • What is the final step to establish an SSH session after configuring the switch?

    -The final step is to launch a new SSH session from the desktop, accepting the key from the switch, and logging in with the created user credentials.

Outlines

00:00

Configuring SSH for Secure Remote Access on Cisco Devices

This paragraph outlines the process of configuring a Cisco switch for remote access using SSH, emphasizing the importance of secure connections in production environments. The speaker introduces the topic, mentioning that the process is applicable to routers and firewalls as well. It highlights the use of console access for initial setup and the necessity of an enable password for SSH sessions. The paragraph also promotes a course on CCNA certification available on kbtrends.com, indicating that the video is part of a larger educational series. The speaker guides viewers through the initial steps, such as configuring an IP address and ensuring network connectivity before proceeding with SSH configuration.

05:02

Finalizing SSH Setup and Testing Connectivity

In this paragraph, the speaker continues the SSH configuration process by creating an enable password and a user account for SSH access. The hostname of the switch is changed to 'sw1', and it's assigned to a domain name 'kbtrenings.local'. The creation of RSA keys for encryption during the SSH session is detailed, with a choice between key lengths, opting for 1024 bits for quicker generation. After generating the keys, the SSH version is updated to version 2 for enhanced security. The configuration concludes with setting up the vty lines to use local user authentication. The speaker then tests the SSH connection from a desktop, troubleshooting a connectivity issue related to network profile settings on the computer. Once resolved, the successful SSH connection is demonstrated, and the speaker reviews active sessions. The paragraph ends with a reminder to manage different brands and models of devices as an engineer and a prompt for viewers to engage with the content on social media and explore additional resources.
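
The steps in the two outline entries above, written out as one IOS command sequence with each lab shortcut shown beside its hardened form. This is an added example, not the presenter's exact input: the one-word username `kbtrainings`, the `<...>` placeholder secrets, and the `username ... secret`, `transport input ssh` and `show ip ssh` lines are assumptions that do not appear on the page.

```cisco
! Added example: IOS commands for the procedure described above.
! Lab shortcuts from the video are kept as "! lab:" comments.
! <...> values are placeholders; "kbtrainings" as one word is an assumed spelling.
configure terminal
!
! Console: keep log messages from interrupting typed commands.
line console 0
 logging synchronous
 exit
!
! Management address on VLAN 1, in the same /24 as the desktop (192.168.1.100).
interface vlan 1
 ip address 192.168.1.99 255.255.255.0
 no shutdown
 exit
!
! Privileged-mode password, required before "enable" works over a remote session.
! "enable password" is kept in clear text in the config; "enable secret" stores a hash.
! lab:  enable password <lab-password>
enable secret <strong-enable-secret>
!
! Local account checked by "login local". "secret" stores a hash, "password" does not.
! lab:  username kbtrainings password <lab-password>
username kbtrainings secret <strong-user-secret>
!
! Hostname plus domain name form the label of the RSA key pair,
! so both must be set before the key is generated.
hostname sw1
ip domain-name kbtrenings.local
!
! Host key. The video answers 1024 at the modulus prompt to save time;
! 2048 is the size it names as the alternative.
! lab:  crypto key generate rsa      (then 1024 at the prompt)
crypto key generate rsa modulus 2048
!
! Accept SSH protocol version 2 only.
ip ssh version 2
!
! VTY lines: authenticate against the local user database and accept SSH only.
! Depending on platform defaults, the lines may otherwise still accept telnet.
line vty 0 15
 login local
 transport input ssh
 end
!
! Verify from privileged EXEC mode: SSH version in use, then active sessions.
show ip ssh
show users
```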

Keywords

Cisco switch

A Cisco switch is a networking device that connects devices together on a computer network by using packet switching to facilitate data transmission. In the video, the Cisco switch is the primary device being configured for remote access via SSH, demonstrating its role in network infrastructure and security.

SSH (Secure Shell)

SSH is a cryptographic network protocol for operating network services securely over an unsecured network. The video emphasizes the use of SSH over telnet for secure remote connectivity to critical devices or systems, highlighting the importance of secure communication in network administration.

Console access

Console access refers to a direct connection to a device for administrative purposes, often through a serial or USB cable. The script mentions having console access to the Cisco switch, which is a prerequisite for configuring it for SSH, showing the progression from direct to remote management.

CCNA (Cisco Certified Network Associate)

CCNA is a certification program offered by Cisco Systems for network professionals to validate their ability to install, configure, operate, and troubleshoot medium-sized routed and switched networks. The video is part of a course on CCNA, indicating the educational context and the professional relevance of the content.

Enable password

An enable password is a security measure used to restrict access to privileged EXEC mode on network devices. The script explains the necessity of setting an enable password for remote SSH sessions, underlining the importance of securing access to advanced configuration modes.

Hostname

A hostname is the label assigned to a device connected to a computer network and is used to identify the device in various forms of electronic communication. The video script describes changing the hostname of the Cisco switch, which is crucial for key generation and network identification.

IP domain name

An IP domain name is a human-readable address used to identify a network host, which is mapped to an IP address. The script mentions assigning the switch to an IP domain name, which is part of the configuration process to ensure the device can be accurately located within a network.

RSA Keys

RSA Keys refer to a pair of cryptographic keys used for both encrypting and decrypting data, where one key is public and the other is private. The video describes generating RSA keys for the SSH session, illustrating the use of public-key cryptography for secure communication.

SSH version 2

SSH version 2 is an updated version of the SSH protocol that offers improved security features over its predecessor. The script specifies changing to SSH version 2, emphasizing the move towards more secure methods of remote access.

VTY line

VTY lines, or virtual teletype lines, are used in network devices to configure terminal line parameters for remote access sessions. The script discusses configuring VTY lines to use local user authentication, showing the setup for allowing specific users to access the device remotely.

Ping

Ping is a network administration tool used to test the connectivity between two networked devices by sending messages to the network host. The video includes using ping to verify connectivity between the switch and the desktop, demonstrating a basic network troubleshooting method.

Highlights

Introduction to configuring a Cisco switch for remote SSH connection, applicable to routers and firewalls.

SSH recommended over telnet for secure remote connectivity in production environments.

Pre-existing console access to the device is required for configuration.

Explanation of the necessity of an enable password for SSH sessions.

Creation of a test user 'incavi trainings' with a password for SSH access.

Importance of setting a hostname and IP domain name for key generation.

Assignment of a domain name 'kbtronix.local' to the switch.

Generation of RSA keys for SSH session encryption.

Upgrading SSH version to 2 for enhanced security.

Configuring the vty line for local user authentication.

Initial configuration prompt and manual setup choice.

Setting an IP address for the switch's management interface.

Troubleshoot inability to ping the desktop due to network profile settings.

Changing network profile from public to private to allow pings.

SSH connection preparation including enable password and user creation.

Hostname and domain name configuration for the switch.

Crypto key generation process and its duration.

SSH session initiation and key acceptance.

Login using the created user 'KB trainings' and troubleshooting.

Verification of active SSH and console sessions on the switch.

Conclusion summarizing the successful SSH connection setup.

Transcripts

00:00 hey what's up guys today I'm going to
00:01 show you how to configure a Cisco switch
00:03 to connect remotely using SSH and this
00:07 is the switch but this can also be
00:08 applied to a Cisco router or Cisco
00:10 firewall and SSH is recommended in
00:13 production if you are in your lab you
00:15 can use telnet which is by the way not
00:17 secure everything is plain text but if
00:19 you are in production dealing with
00:20 critical devices or critical systems you
00:23 need to use SSH for remote connectivity
00:25 we already have console access to this
00:28 device and we did that in a previous
00:29 lesson actually this lab here is one of
00:32 the many Labs that I'm creating on
00:33 kbtrains.com for the course on the CCNA
00:35 200 301 so if you are trying to start
00:38 your career in the tech or you're trying
00:40 to boost your career by taking and
00:42 passing the CCNA certification the
00:44 course goes from zero to engineer check
00:46 it out on kbtrends.com so I showed you
00:48 in the previous lesson how to connect
00:50 using console so now we have the console
00:53 connection to this device here it's
00:56 right there okay so we can log into it
00:58 and make sure that we have an IP

01:00 configured so that we can connect to my
01:03 desktop that I have here from where
01:05 we're going to launch the SSH connection
01:08 to this device and talking about SSH
01:10 these are the different commands that
01:12 we're going to use today first of all we
01:14 need to create an enable password when
01:17 you are connected to your SSH session
01:19 you cannot go in the enabled mode if you
01:21 don't have a password in it for security
01:22 reasons so when you connect with the
01:24 console cable you can go there without
01:26 any problem but if you are remote you
01:29 need to have an enabled password and
01:32 then after that we're going to create
01:33 some users just a single user for test
01:36 I'm going to create a user I'll call
01:38 incavi trainings with a password and
01:40 after that we need to change the
01:42 hostname of our device because this is
01:44 very crucial when we're going to create
01:46 the key the host name and the IP domain
01:48 name are going to be used and then I
01:50 will assign the switch to an IP domain
01:52 name that I'm going to call
01:54 kbtronix.local which is just a random
01:56 domain name that I made up and then
01:58 we're going to create the RSA Keys the

02:01 keys are going to be used for encryption
02:03 for our SSH session and this is the
02:06 command to create the new keys after
02:08 that we can change the version of the
02:10 SSH to version 2 which is more secure
02:11 and then we'll have to go in the vty
02:14 line I usually go 0 to 15 to make sure
02:17 that we are using local users so we're
02:20 going to say login local for the switch
02:22 to use the users that we created locally
02:25 I have access to the switch here as I
02:27 said all right so now the switch is
02:29 asking if you want to do some initial
02:31 config I'll just say no I'll do
02:32 everything manually
02:33 and we are in one of the things I want
02:37 to do is make sure we have an IP address
02:39 and we can ping or we have connectivity
02:42 with my desktop so I'm going to connect
02:44 this ethernet cable to the port fast
02:47 ethernet one here
02:51 and by the way let me
02:54 look at the vlans
02:56 this is a brand new Switch not new but
02:59 there's no configuration here so we have

03:00 all the ports that are in the VLAN
03:03 number one so we're going to configure
03:05 the interface VLAN number one to be our
03:07 management interface and if you don't
03:09 want these notifications to mess with
03:11 you when you're tapping your command you
03:13 need to go under
03:16 um the config mode and because we are
03:18 connected with the console cable I'll go
03:19 on the line console 0
03:22 and I'll just do logging synchronous and
03:25 that's enough to avoid those uh those
03:28 notifications so now let's go and
03:30 configure the interface VLAN one
03:33 interface VLAN one
03:35 I'll give it an IP address of
03:39 192.168.1.99 and I'm going to make sure
03:41 that the switch will be in the same
03:43 network as my computer so the subnet
03:47 mask is a slash 24.
03:50 I usually do no shut just to make sure
03:53 it's up
03:54 and that's it let's see if we can ping
03:57 our device ping

04:00 192.168.1.100 this is the IP of my
04:02 desktop
04:03 I cannot ping it and I think I know why
04:06 we need to go on the device itself and
04:11 do ipconfig just to confirm the IP
04:14 address we have
04:16 192.168.1.100 which is good and one
04:19 other thing is that if we look at
04:21 PowerShell
04:24 um if I run this command here that is
04:26 going to show me the different network
04:27 profiles I have you can see that this
04:30 connection is considered as public
04:32 that's why the computer is protecting
04:34 itself and doesn't accept anything by
04:36 the way let's see if I can ping the
04:38 switch from the desktop
04:41 ping 192
04:44 168.1.99 it's working so I know that the
04:47 computer can reach the switch but it
04:50 doesn't want to accept the connection
04:51 from the switch and this is the command
04:52 I use to change this network which is
04:56 unidentified to change it to private
04:59 once I do this

05:02 it's going to be private and
05:04 my switch can now ping my computer
05:08 yes now it's successful so now we have
05:10 to do is make sure that our switch is
05:12 ready for the SSH connection I'm going
05:14 to create the enable password oh let's
05:16 go under the config mode
05:18 enable password
05:21 and the password is kind of obsolete I'm
05:23 using this because it's the lab now it's
05:25 recommended to use enable secret to
05:27 create a password that is very secure
05:29 but here I'm going to use just enable
05:31 password and I'll give it the password
05:34 of Cisco for the enable and then after
05:37 that I need to create a user called KB
05:39 trainings
05:40 and a password for the user the password
05:43 will be Cisco
05:45 and then after that I will need to
05:47 change the host name of my device right
05:48 now it's called switch I need to call it
05:51 sw1
05:53 and as I said I also need to assign it
05:57 to a domain name so I'll do IP domain
05:59 name

06:01 called kbtrenings dot local
06:05 and after that we need to create the
06:08 crypto Keys all the keys that are going
06:10 to use for encryption the command is
06:14 crypto
06:15 key generate
06:18 RSA I'm going to create some RSA keys
06:21 and it's asking me for the length of the
06:23 key or how many bits do I want to use
06:25 I'm going to use 1024 just because it's
06:28 shorter but I can use uh 2048 or
06:31 whatever because 2048 on this device
06:33 will take a while to create the key
06:35 so now the keys are being generated
06:37 and it shouldn't take a long time
06:41 all right so now that we have the keys
06:44 generated we can see that there is a
06:46 confirmation saying that SSH has been
06:49 enabled so we can then change the
06:51 version
06:52 ip ssh version to version 2 which is more
06:55 secure and then I need to go in the vty
06:58 line to tell my switch to use local

07:03 users for authentication so I go 50 vty
07:05 line 0 to 15.
07:08 login local
07:10 okay once I do that we should be ready
07:12 for a new SSH session let's go ahead and
07:15 launch a new session from here
07:18 the IP is
07:21 192.168.0 no dot one dot 99
07:25 it's SSH going to the switch open
07:28 it's asking me if I'm trusting the key
07:30 that is coming from the switch and I'm
07:33 just going to accept it once
07:35 let me increase the size of the font
07:38 here to maybe 24.
07:44 24 26
07:46 okay so login as KB trainings this is
07:49 the user that we created
07:51 password Cisco
07:54 and notice that when you type the
07:56 password it doesn't show up oh I think I
07:59 tapped the wrong password okay so with

08:01 the right password I mean here I can do
08:03 enable and type Cisco as the password I
08:06 am in again if I do show users
08:10 it's going to show me the different
08:11 sessions that we have to this device we
08:13 can see that the console session that's
08:15 in the back here is active and the star
08:18 is on the session where I'm connected
08:20 this is my session right here it's
08:22 trying to figure out what's the location
08:23 and after a moment my IP address should
08:27 come here the IP of my desktop should
08:29 show up here
08:31 yep it's right there and if I do the
08:34 same thing on the console session
08:37 you can see that the star is on the
08:40 console zero so we have console 0 and
08:42 vty 0 all right guys that's all for this
08:45 lesson here now we are able to connect
08:47 to the device using SSH and again we
08:50 have to go with the console cable to be
08:52 able to set an IP on the device itself
08:55 some devices or some of the brands
08:57 because here we're talking about Cisco
08:58 but as an engineer you should be able to

09:00 manage or to deal with any brands or any
09:03 model of device so some other devices
09:05 can come with an IP already configured
09:07 for management just need to know exactly
09:09 what you're dealing with and how to do
09:11 initial config on that device thank you
09:14 for watching I hope you liked it if you
09:15 liked the video like it on YouTube and
09:17 subscribe to the channel also follow me
09:18 on Facebook Instagram and Twitter and if
09:21 you like this video you can also like
09:22 the installation of my home switch that
09:24 I'm going to leave right here you can go
09:26 and check it out and the whole playlist
09:28 is in the description thank you so much
09:30 and I'll see you in the next one take
09:31 care and bye
