FREE CCNA Lab 023: SSH / VTY lines
Summary
TLDR: This CCNA Packet Tracer lab tutorial guides viewers through setting up SSH access from a PC to a switch and a router. Key steps include configuring hostnames, IP addresses, a DNS domain name, creating a user account, generating an RSA key pair, and enabling SSH on the vty lines. The video also demonstrates connecting to the devices via SSH from a PC, first showing that Telnet is refused, and highlights the security benefits of an encrypted session over Telnet's plain text.
Takeaways
- 🔐 **SSH Introduction**: The video introduces SSH (Secure Shell) as a secure method for connecting to network devices; the session is encrypted, so packets that an attacker intercepts cannot be read, unlike Telnet's plain text.
- 💻 **Lab Setup**: The lab is designed to practice configuring SSH on network devices, similar to previous labs but with a focus on security.
- 🌐 **Hostname Configuration**: The first step in setting up SSH is to configure the hostname of each device using the 'hostname' command.
- 📍 **IP Address Configuration**: Devices must have IP addresses assigned to their interfaces for SSH connectivity, which is configured in the lab.
- 👤 **User Account Creation**: A single user account is created on each device for SSH login purposes, emphasizing case sensitivity for passwords.
- 🌐 **DNS Domain Name Setup**: Configuring a DNS domain name is required for SSH and the lab uses 'cisco.com' as the domain.
- 🔑 **SSH Key Generation**: An RSA key pair is generated with `crypto key generate rsa`; the lab specifies a modulus size of 1024 bits (weak by today's standards, where 2048 bits is the practical minimum outside a lab).
- #️⃣ **VTY Line Configuration**: VTY lines are configured to allow only SSH connections, with settings for local login and a timeout for inactive sessions.
- 🔒 **SSH Version 2**: SSH version 2 is recommended over version 1 for its improved security features.
- 🖥️ **Testing SSH Connection**: The lab concludes with testing SSH connections from a PC to network devices, demonstrating the difference between SSH and Telnet commands.
Q & A
What is the purpose of this CCNA lab practice?
-The purpose of this lab is to practice configuring SSH (Secure Shell) on Cisco devices so that a PC can reach the command line of a switch and a router over an encrypted session instead of Telnet.
Why is SSH preferred over Telnet for remote device access?
-SSH is preferred because it encrypts packets between devices, making the data unreadable even if intercepted by an attacker, whereas Telnet sends data in plain text.
What are the four main requirements for configuring SSH on a Cisco device?
-The four requirements are: 1) Set a hostname using the `hostname` command, 2) Configure a DNS domain name using the `ip domain-name` command, 3) Generate the SSH key using `crypto key generate rsa`, and 4) Enable SSH on the vty lines.
What is the purpose of configuring a hostname on a device?
-The hostname identifies the device in its prompt and, together with the domain name, forms the fully qualified name under which IOS stores the RSA key pair. IOS will not generate the keys while the device still has its default hostname, so setting it is a prerequisite for `crypto key generate rsa`.
What command is used to set the hostname of a device?
-The command is `hostname [desired_name]`. For example, `hostname R1` sets the hostname of a router to R1.
Why is a domain name required for SSH configuration?
-A domain name is necessary because it is the second half of the fully qualified name (hostname.domain-name) that labels the RSA key pair; `crypto key generate rsa` refuses to run until `ip domain-name` has been configured.
What command is used to generate the SSH RSA keys and why is the key size important?
-The command is `crypto key generate rsa`. The modulus size is the RSA key length in bits, which determines how hard the key is to break: larger moduli give stronger keys. The lab uses 1024 to match its instructions, but 1024-bit RSA is considered weak today and 2048 bits is the practical minimum for production devices. The size can also be given inline, as in `crypto key generate rsa modulus 2048`, instead of at the interactive prompt.
How do you restrict the vty lines to use SSH only and disable Telnet?
-Enter vty line configuration mode (`line vty 0 15`) and use `transport input ssh`. Only SSH is then accepted on those lines; a Telnet client's connection attempt is refused, which the lab demonstrates from PC1 at the end.
What command is used to set the inactivity timeout for vty lines?
-The command is `exec-timeout minutes [seconds]`, which terminates an idle session once the interval passes. For example, `exec-timeout 5` (equivalent to `exec-timeout 5 0`) sets a 5-minute timeout. Two caveats: `exec-timeout 0 0` disables the timeout entirely rather than setting it to zero, and when the command is absent IOS applies its default of 10 minutes.
How do you enable SSH version 2 on a Cisco device and why is it recommended?
-SSH version 2 is enabled in global configuration mode with `ip ssh version 2`. It is recommended because it offers improved security over SSH version 1, addressing known weaknesses in the older protocol; without the command the device may still negotiate version 1. `show ip ssh` confirms which version is enabled.
How can you test SSH connectivity from a PC to a device using a command?
-From the Packet Tracer PC's command prompt, use `ssh -l [username] [device IP]`. For example, `ssh -l Cisco 192.168.1.1` connects to the device at 192.168.1.1 as user 'Cisco'; the password (CCNA in the lab, case-sensitive) is entered at the prompt. An OpenSSH client on a real PC accepts the same `-l` form or `ssh Cisco@192.168.1.1`.
Outlines
🔐 Introduction to CCNA Packet Tracer Lab with SSH
This paragraph introduces a free CCNA Packet Tracer lab focused on setting up a more secure connection between devices using SSH (Secure Shell) instead of Telnet. The four requirements for SSH on a Cisco device are configuring the hostname of each device, configuring the DNS domain name with `ip domain-name`, generating the RSA key pair, and enabling SSH on the vty lines; the lab also assigns IP addresses and creates a user account for login. The lab emphasizes that SSH encrypts the session so that intercepted packets cannot be read. The presenter also encourages viewers to try the lab on their own before watching the video for guidance or to check their solution.
🛠️ Configuring SSH on Network Devices
The second paragraph details the steps to configure SSH on the network devices. It starts with configuring the hostnames for 'switch 1' and 'r1'. Then it assigns IP addresses to the devices, including the VLAN 1 interface on 'switch 1'. The paragraph continues with creating a user account 'Cisco' with the password 'CCNA' on both devices, emphasizing the case sensitivity of passwords. It then describes setting the DNS domain name to 'cisco.com', generating the RSA key pair with a modulus size of 1024, and configuring the vty lines for local login, SSH-only transport, and a five-minute inactivity timeout. The paragraph concludes with enabling SSH version 2 for improved security and connecting to the devices from PC1: a Telnet attempt to 'switch 1' is refused because of `transport input ssh`, while SSH with the configured account successfully reaches both 'switch 1' and 'r1'.
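The Q & A and the outline above list the settings that make the vty lines SSH-only, but the lab never shows how to verify them on a device that someone else configured. The following Python script is an added example, not code from the video or from Jeremy's IT Lab: it parses a constructed IOS running-config excerpt (invented for this example, not captured from a real device) and reports which of the lab's requirements each vty line range misses. The only IOS behaviour it assumes beyond what the page states is the default 10-minute exec-timeout that applies when the command is absent, and the default hostnames `Router` and `Switch` that block key generation.

```python
"""Audit an IOS running-config for the SSH/VTY hardening this lab configures.

Added example (not from the video). It checks the requirements the lab lists:
a non-default hostname, ip domain-name, ip ssh version 2, and on every vty
range login local, transport input ssh only, and an exec-timeout that is
neither disabled (0 0) nor longer than the lab's five minutes.
"""
import re

# Constructed sample config, not from a real device: vty 0 4 is configured
# as the lab instructs, vty 5 15 was left the way the earlier Telnet lab had it.
SAMPLE_CONFIG = """\
hostname R1
!
ip domain-name cisco.com
!
username cisco password 0 CCNA
!
ip ssh version 2
!
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 login
 transport input telnet ssh
!
end
"""

MAX_IDLE_SECONDS = 5 * 60      # the lab's five-minute inactivity requirement
DEFAULT_IDLE_SECONDS = 10 * 60  # assumed IOS default when exec-timeout is absent
DEFAULT_HOSTNAMES = {"Router", "Switch"}  # assumed defaults that block key generation


def parse_config(text):
    """Split IOS config text into global lines and per-vty-range sub-commands."""
    global_lines = []
    vty = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):          # indented: sub-command of the current section
            if current is not None:
                vty[current].append(raw.strip())
            continue
        match = re.fullmatch(r"line vty (\d+)(?: (\d+))?", raw.strip())
        if match:
            current = (int(match.group(1)), int(match.group(2) or match.group(1)))
            vty[current] = []
        else:
            current = None               # console/aux/interface sections are not audited
            global_lines.append(raw.strip())
    return global_lines, vty


def idle_seconds(sub_commands):
    """Idle limit in seconds from 'exec-timeout MIN [SEC]'; 0 means never."""
    for cmd in sub_commands:
        parts = cmd.split()
        if parts[0] == "exec-timeout":
            minutes = int(parts[1])
            seconds = int(parts[2]) if len(parts) > 2 else 0
            return minutes * 60 + seconds
    return DEFAULT_IDLE_SECONDS


def audit(text):
    """Return a list of findings; an empty list means the lab's requirements are met."""
    global_lines, vty = parse_config(text)
    findings = []
    hostnames = [line.split(" ", 1)[1] for line in global_lines if line.startswith("hostname ")]
    if not hostnames or hostnames[-1] in DEFAULT_HOSTNAMES:
        findings.append("global: hostname not set or still default (crypto key generate rsa needs it)")
    if not any(line.startswith("ip domain-name ") for line in global_lines):
        findings.append("global: ip domain-name not set (crypto key generate rsa needs it)")
    if "ip ssh version 2" not in global_lines:
        findings.append("global: ip ssh version 2 not set; SSHv1 may still be negotiated")
    if not vty:
        findings.append("global: no vty lines configured")
    for (low, high), sub in sorted(vty.items()):
        tag = f"vty {low} {high}"
        if "login local" not in sub:
            findings.append(f"{tag}: login local not set; the local user account is not used")
        transports = [cmd.split()[2:] for cmd in sub if cmd.startswith("transport input")]
        if not transports:
            findings.append(f"{tag}: transport input not set explicitly")
        elif transports[-1] != ["ssh"]:
            findings.append(f"{tag}: transport input allows {' '.join(transports[-1])}; should be ssh only")
        idle = idle_seconds(sub)
        if idle == 0:
            findings.append(f"{tag}: exec-timeout 0 0 disables the idle timeout")
        elif idle > MAX_IDLE_SECONDS:
            findings.append(f"{tag}: idle timeout is {idle // 60} min; lab requires 5")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the script reports nothing for `vty 0 4` and three findings for `vty 5 15` (no `login local`, Telnet still allowed, idle timeout disabled), which is exactly the gap a `line vty 0 4` configuration leaves on a device that has sixteen vty lines. Feed it the output of `show running-config` from a real device to check a configuration you did not build yourself.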
Keywords
💡CCNA
💡Packet Tracer
💡SSH
💡Telnet
💡Hostname
💡DNS Domain Name
💡SSH Key
💡VTY Lines
💡Transport Input
💡Exec Timeout
💡SSH Version 2
Highlights
Introduction to a free CCNA Packet Tracer practice lab.
Lab file can be downloaded from the link in the description.
Support the creator via Patreon or cryptocurrency.
Lab focuses on using SSH for a more secure connection.
SSH encrypts packets to prevent interception by attackers.
Four requirements for configuring SSH are outlined.
Step-by-step guide to configure the hostname.
Configuring IP addresses for the devices.
Creating a single user account for SSH login.
Configuring the DNS domain name for SSH.
Generating SSH keys for packet encryption.
Configuring the vty lines for SSH connections.
Enabling SSH version 2 for improved security.
Testing SSH connection from PC1 to the devices.
Demonstration of failed Telnet due to SSH configuration.
Successful SSH connection using the correct command.
Difference between Telnet and SSH commands highlighted.
Encouragement to subscribe for future weekly labs.
Invitation for lab requests and support through Patreon.
Acceptance of Bitcoin, Ethereum, and BAT donations.
Transcripts
Welcome to this free CCNA Packet Tracer practice lab. You can download the lab file from the link in the description. If you like these labs, please consider supporting me via my Patreon or the cryptocurrency options in the description. This lab will be similar to the previous lab, in which we used Telnet to connect to a switch and router. In this lab, however, we will use the more secure option, SSH, which stands for Secure Shell. SSH is more secure because it encrypts packets between the devices, so that even if the packets are intercepted by an attacker they can't be read. There are a few extra steps involved in configuring SSH, but it's not so complicated. The four requirements are: first, you must use the hostname command to configure the hostname of the device. To reinforce this, I haven't pre-configured the hostnames of the devices for this lab. Second, you must configure the DNS domain name using the ip domain-name command. Third, you must generate the SSH key to be used to encrypt the packets. And fourth, SSH must be enabled on the vty lines. We will go through these steps and a couple of others in this lab. Try to complete the lab yourself first, then continue watching this video if you have trouble, or watch it after to check your solution. If you haven't learned the commands necessary to complete the tasks yet in your studies, feel free to watch this video to learn them.

Step one is to configure the hostnames of switch 1 and R1. This is a requirement for SSH, so let's do that now. On switch 1 first: enable, conf t, hostname switch 1. Now on R1: enable, conf t, hostname R1. There we go. Step 2 is to configure the IP addresses indicated. This is the same as in the previous lab. I'll start on R1 first, since we're already here: interface g0/0, ip address 192.168.1.1 255.255.255.0, no shutdown, because the interface is disabled by default. Now let's configure switch 1's VLAN 1 interface: interface vlan 1, ip address 192.168.1.2 255.255.255.0, no shutdown. That's all for step 2.

Step 3 is to configure a single user account on each device, which we will use to log in to the device when we SSH from PC1. On switch 1 first: exit, username cisco password CCNA. I've said it many times before, but remember, passwords are case sensitive. Now on R1: exit, username cisco password CCNA. That's all for step 3.

Step 4 is to configure a DNS domain name on each device. This is another required step for configuring SSH, and we will use a domain name of cisco.com for this lab. This only requires one command. Here on R1 first: ip domain-name cisco.com. That's it. Now on switch 1: ip domain-name cisco.com. That's all for step 4.

Step 5 is to generate the keys used to encrypt the packets. This is done with this command: crypto key generate rsa. Now we are asked for the modulus size, the length of the keys used for the encryption and decryption process. We're instructed to use 1024. There we go. Now let's do the same on R1: crypto key generate rsa, 1024. That's all for step 5.

Step 6 is now to configure the vty lines. There are a few requirements, and let's configure them one by one. On R1 first: line vty 0 15, again meaning lines 0 through 15. login local, that's the same command used last time, meaning we will have to use the user account we created previously to log in to the vty lines when we connect. transport input: last time we used telnet, now we'll enter ssh. This will allow only SSH, not Telnet, to be used to connect to the vty lines. The third requirement for this lab is to terminate connections after five minutes of inactivity. This is an important security measure. It is done with this command: exec-timeout. Now I'll use the question mark. Any time you have to input some amount of time, check the unit of time used for the command. You don't want to enter 5 for 5 minutes if it ends up being 5 seconds. In this case we can see it is entered in minutes, so I'll just enter 5. Always remember that for commands involving time. Now I'll quickly hop on switch 1 and enter the same commands: line vty 0 15, login local, transport input ssh, exec-timeout 5. That's all for step 6.

Step 7 is to enable SSH version 2. Version 2 improves on weaknesses of version 1. If you want to learn more about this sort of thing, I recommend pursuing Cisco's security certification path, where you will learn all about this sort of thing. For now, just remember that you should use SSH version 2 whenever possible. You can enable it with this command: exit, ip ssh version 2. That's it. Now we'll do it on R1: exit, ip ssh version 2. That's it.

Finally, let's see if we can connect to the command line of each device from PC1 by using SSH. First, let's see if Telnet works. I'll try to telnet to switch 1: telnet 192.168.1.2. As you can see, it doesn't work. This is because of that transport input ssh command we used before. Now let's try SSH. That is done with this command: ssh -l cisco, cisco being the username we are connecting with, which we configured on switch 1 and R1, followed by the IP address, 192.168.1.2. Enter the password of CCNA in all caps, and there we go, we're on switch 1. Now I'll type exit and try R1: ssh -l cisco 192.168.1.1, password of CCNA, and now we're on R1. Take note of the difference between the command used to telnet and the command used to SSH onto the switches and routers. These are the standard commands used on Windows, anyway. That's all for this lab.

Thank you for watching. I hope this lab and video have been helpful for you. Please subscribe for future labs like this, which will be released weekly. If you have requests for any specific labs, let me know in the comment section. If you want to support my channel, please consider contributing to my Patreon, patreon.com / Jeremy's IT Lab. I accept Bitcoin and Ethereum donations via the addresses in the description. I am also a Brave verified publisher and accept BAT, or Basic Attention Token, donations in the Brave browser.