FREE CCNA Lab 023: SSH / VTY lines

Jeremy's IT Lab
5 Jun 2019, 09:13

Summary

TLDR: This CCNA Packet Tracer lab tutorial guides viewers through setting up a secure SSH connection between a switch and a router. Key steps include configuring hostnames, IP addresses, a DNS domain, creating a user account, generating SSH keys, and enabling SSH on vty lines. The video also demonstrates connecting to devices via SSH from a PC, highlighting the security benefits over Telnet.

Takeaways

  • 🔐 **SSH Introduction**: The video introduces SSH (Secure Shell) as a secure method for connecting to network devices, encrypting data packets to prevent unauthorized access.
  • 💻 **Lab Setup**: The lab is designed to practice configuring SSH on network devices, similar to previous labs but with a focus on security.
  • 🌐 **Hostname Configuration**: The first step in setting up SSH is to configure the hostname of each device using the 'hostname' command.
  • 📍 **IP Address Configuration**: Devices must have IP addresses assigned to their interfaces for SSH connectivity, which is configured in the lab.
  • 👤 **User Account Creation**: A single user account is created on each device for SSH login purposes, emphasizing case sensitivity for passwords.
  • 🌐 **DNS Domain Name Setup**: Configuring a DNS domain name is required for SSH and the lab uses 'cisco.com' as the domain.
  • 🔑 **SSH Key Generation**: SSH keys are generated for encrypting packets, with a modulus size of 1024 specified in the lab.
  • #️⃣ **VTY Line Configuration**: VTY lines are configured to allow only SSH connections, with settings for local login and a timeout for inactive sessions.
  • 🔒 **SSH Version 2**: SSH version 2 is recommended over version 1 for its improved security features.
  • 🖥️ **Testing SSH Connection**: The lab concludes with testing SSH connections from a PC to network devices, demonstrating the difference between SSH and Telnet commands.

Q & A

  • What is the purpose of this CCNA lab practice?

    -The purpose of this lab is to practice configuring SSH (Secure Shell) on Cisco devices to establish secure connections between switches and routers.

  • Why is SSH preferred over Telnet for remote device access?

    -SSH is preferred because it encrypts packets between devices, making the data unreadable even if intercepted by an attacker, whereas Telnet sends data in plain text.

  • What are the four main requirements for configuring SSH on a Cisco device?

    -The four requirements are: 1) Set a hostname using the `hostname` command, 2) Configure a DNS domain name using the `ip domain-name` command, 3) Generate the SSH key using `crypto key generate rsa`, and 4) Enable SSH on the vty lines.

  • What is the purpose of configuring a hostname on a device?

    -The hostname is required as part of the SSH configuration to uniquely identify the device. It is a prerequisite for generating the RSA keys.

  • What command is used to set the hostname of a device?

    -The command is `hostname [desired_name]`. For example, `hostname R1` sets the hostname of a router to R1.

  • Why is a domain name required for SSH configuration?

    -A domain name is necessary because it is used in the process of generating the RSA keys for encryption, linking the device's hostname to a specific domain.

  • What command is used to generate the SSH RSA keys and why is the key size important?

    -The command is `crypto key generate rsa`. The key size (modulus) is important as it determines the strength of the encryption, with larger sizes providing stronger security.

  • How do you restrict the vty lines to use SSH only and disable Telnet?

    -Use the command `transport input ssh` under the vty line configuration mode to restrict access to SSH only.

  • What command is used to set the inactivity timeout for vty lines?

    -The command is `exec-timeout [minutes]` to specify the number of minutes before an inactive session is terminated. For example, `exec-timeout 5` sets a 5-minute timeout.

  • How do you enable SSH version 2 on a Cisco device and why is it recommended?

    -SSH version 2 can be enabled with the command `ip ssh version 2`. It is recommended because it offers improved security over SSH version 1, addressing known vulnerabilities.

  • How can you test SSH connectivity from a PC to a device using a command?

    -You can use the command `ssh -l [username] [device IP]`. For example, `ssh -l Cisco 192.168.1.1` attempts to connect to a device at 192.168.1.1 using the username 'Cisco'.

Outlines

00:00

🔐 Introduction to CCNA Packet Tracer Lab with SSH

This paragraph introduces a free CCNA Packet Tracer lab focused on setting up a more secure connection between devices using SSH (Secure Shell) instead of Telnet. The lab requires four main steps: configuring the hostname of the devices, setting up IP addresses, creating a user account for login, and configuring the DNS domain name. The lab emphasizes the importance of SSH for encrypting data packets, preventing unauthorized access. The presenter also encourages viewers to try the lab on their own before watching the video for guidance or to check their solution.

05:05

🛠️ Configuring SSH on Network Devices

The second paragraph details the steps to configure SSH on network devices. It starts with configuring the hostnames for 'switch 1' and 'r1'. Then, it proceeds to assign IP addresses to the devices and set up the VLAN 1 interface on 'switch 1'. The paragraph continues with creating a user account 'Cisco' with a password 'CCNA' on both devices, emphasizing the case sensitivity of passwords. It then describes setting the DNS domain name to 'cisco.com', generating SSH keys with a modulus size of 1024 for encryption, and configuring the vty lines to allow SSH connections with a five-minute inactivity timeout. The paragraph concludes with enabling SSH version 2 for improved security and attempting to connect to the devices from PC1 using SSH, successfully accessing 'switch 1' and 'r1'.
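As an added illustration that is not part of the video or Jeremy's lab files, the following Python script audits a Cisco IOS running-config excerpt for the requirements this lab configures: `ip domain-name`, `ip ssh version 2`, and vty lines with `login local`, `transport input ssh` and a non-zero `exec-timeout`. Both config samples are constructed for the example; the Telnet-era one shows what the audit flags before the SSH steps are applied.

```python
import re

# Constructed samples (not from the video): the first is a running-config excerpt
# after the lab's SSH steps, the second the Telnet-era setup from the previous lab.
LAB_CONFIG = """hostname SW1
ip domain-name cisco.com
username Cisco password CCNA
ip ssh version 2
line vty 0 15
 exec-timeout 5 0
 login local
 transport input ssh
"""
TELNET_CONFIG = """hostname SW1
username Cisco password CCNA
line vty 0 15
 login local
 transport input telnet
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for each indented 'line vty' section."""
    lines, i = config.splitlines(), 0
    while i < len(lines):
        if lines[i].startswith("line vty"):
            header, body, i = lines[i], [], i + 1
            while i < len(lines) and lines[i].startswith(" "):
                body.append(lines[i].strip())
                i += 1
            yield header, body
        else:
            i += 1

def audit_ssh(config):
    """Return findings for the lab's SSH requirements; an empty list means all are met."""
    findings = []
    if not re.search(r"^hostname \S+$", config, re.M):
        findings.append("no hostname (needed before crypto key generate rsa)")
    if not re.search(r"^ip domain[- ]name \S+$", config, re.M):  # IOS spells it both ways
        findings.append("no ip domain-name (needed for RSA key generation)")
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append("ip ssh version 2 not set (SSHv1 may still be accepted)")
    for header, body in vty_blocks(config):
        transport = [b for b in body if b.startswith("transport input")]
        if not transport or transport[-1] != "transport input ssh":
            findings.append(f"{header}: transport input is not ssh (Telnet still allowed)")
        if "login local" not in body:
            findings.append(f"{header}: missing login local")
        timeout = [b for b in body if b.startswith("exec-timeout")]
        # IOS stores 'exec-timeout 5' as 'exec-timeout 5 0'; '0 0' disables the timer
        if not timeout or all(v == "0" for v in timeout[-1].split()[1:]):
            findings.append(f"{header}: no idle exec-timeout")
    return findings
```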

Keywords

💡CCNA

CCNA stands for Cisco Certified Network Associate, which is an entry-level certification program offered by Cisco Systems. It is designed to provide network professionals with the skills needed to install, operate, and troubleshoot a small to medium-sized enterprise branch network. In the context of the video, the CCNA certification is referenced as a point of interest for viewers who might be studying for it, and the password 'CCNA' is used as an example password for the SSH login.

💡Packet Tracer

Packet Tracer is a network simulation program developed by Cisco Systems. It allows users to create network topologies and simulate the behavior of the devices within those networks. The video script mentions a 'free CCNA Packet Tracer practice lab,' indicating that the lab is designed to help users practice their networking skills in a simulated environment.

💡SSH

SSH stands for Secure Shell, a protocol used to securely access a remote computer or server over a network. It encrypts the session to prevent unauthorized access and eavesdropping. In the video, SSH is the main topic, as the lab focuses on configuring SSH for secure connections between devices, replacing the less secure Telnet protocol.

💡Telnet

Telnet is an older protocol used for remote access to network devices. Unlike SSH, Telnet does not encrypt the data transmitted, making it insecure for sensitive information. The video script contrasts SSH with Telnet, emphasizing the importance of using SSH for secure connections, as indicated by the line 'telnet 192.168.1.2 as you can see it doesn't work'.

💡Hostname

A hostname is the human-readable name assigned to a device connected to a network. In the script, configuring the hostname of a device is listed as the first step in setting up SSH, as it is a requirement for the protocol to function correctly. The command 'hostname switch1' is used to set the hostname of the switch.

💡DNS Domain Name

The DNS Domain Name is used to configure the domain name for a network device, which is necessary for certain services like SSH to function. In the video, setting the DNS domain name with the command 'IP domain name cisco.com' is mentioned as a required step for SSH configuration.

💡SSH Key

An SSH key is a pair of cryptographic keys used for authenticating to an SSH server. The key generation process, as described in the script with the command 'crypto key generate RSA', creates a public and private key pair. The public key is stored on the server, and the private key is kept secret by the user. This is a critical step for enabling SSH, as it secures the communication channel.

💡VTY Lines

VTY lines refer to Virtual Teletype (virtual terminal) lines, which are the virtual interfaces used for remote command-line access on network devices. In the script, configuring VTY lines with commands like 'line vty 0 15' is part of setting up SSH, specifying which lines will accept SSH connections and how they should behave.

💡Transport Input

The 'transport input' command is used to specify the protocol that can be used to access the VTY lines. In the script, 'transport input ssh' is used to restrict access to the VTY lines to SSH only, thereby enhancing security by disabling Telnet access.

💡Exec Timeout

The 'exec-timeout' command is used to set the idle timeout for a user session. In the script, 'exec-timeout 5' is used to terminate connections after five minutes of inactivity, which is a security measure to prevent unauthorized access through idle sessions.

💡SSH Version 2

SSH Version 2 is the second version of the SSH protocol, which improved upon the security weaknesses of the original SSH protocol. The script mentions enabling SSH version 2 with 'IP SSH version 2', emphasizing the use of this version for better security over SSH Version 1.

Highlights

Introduction to a free CCNA Packet Tracer practice lab.

Lab file can be downloaded from the link in the description.

Support the creator via Patreon or cryptocurrency.

Lab focuses on using SSH for a more secure connection.

SSH encrypts packets to prevent interception by attackers.

Four requirements for configuring SSH are outlined.

Step-by-step guide to configure the hostname.

Configuring IP addresses for the devices.

Creating a single user account for SSH login.

Configuring the DNS domain name for SSH.

Generating SSH keys for packet encryption.

Configuring the vty lines for SSH connections.

Enabling SSH version 2 for improved security.

Testing SSH connection from PC1 to the devices.

Demonstration of failed Telnet due to SSH configuration.

Successful SSH connection using the correct command.

Difference between Telnet and SSH commands highlighted.

Encouragement to subscribe for future weekly labs.

Invitation for lab requests and support through Patreon.

Acceptance of Bitcoin, Ethereum, and BAT donations.

Transcripts

00:00

Welcome to this free CCNA Packet Tracer practice lab. You can download the lab file from the link in the description. If you like these labs, please consider supporting me via my Patreon or the cryptocurrency options in the description. This lab will be similar to the previous lab, in which we used Telnet to connect to a switch and router. In this lab, however, we will use the more secure option, SSH, which stands for Secure Shell. SSH is more secure because it encrypts packets between the devices, so that even if the packets are intercepted by an attacker, they can't be read.

00:40

There are a few extra steps involved in configuring SSH, but it's not so complicated. The four requirements are: first, you must use the hostname command to configure the hostname of the device. To reinforce this, I haven't pre-configured the hostnames of the devices for this lab. Second, you must configure the DNS domain name using the ip domain-name command. Third, you must generate the SSH key to be used to encrypt the packets. And fourth, SSH must be enabled on the VTY lines. We will go through these steps and a couple of others in this lab. Try to complete the lab yourself first, then continue watching this video if you have trouble, or watch it after to check your solution. If you haven't learned the commands necessary to complete the tasks yet in your studies, feel free to watch this video to learn them.

01:40

Step one is to configure the hostnames of switch 1 and R1. This is a requirement for SSH, so let's do that now. On switch 1 first: enable, conf t, hostname switch1. Now on R1: enable, conf t, hostname R1. There we go.

02:07

Step 2 is to configure the IP addresses indicated. This is the same as in the previous lab. I'll start on R1 first, since we're already here: interface g0/0, ip address 192.168.1.1 255.255.255.0, no shutdown, because the interface is disabled by default. Now let's configure switch 1's VLAN 1 interface: interface vlan 1, ip address 192.168.1.1 4 5.0, no shutdown. That's all for step 2.

02:48

Step 3 is to configure a single user account on each device, which we will use to log in to the device when we SSH from PC1. On switch 1 first: exit, username Cisco password CCNA. I've said it many times before, but remember, passwords are case sensitive. Now on R1: exit, username Cisco password CCNA. That's all for step 3.

03:27

Step 4 is to configure a DNS domain name on each device. This is another required step for configuring SSH, and we will use a domain name of cisco.com for this lab. This only requires one command. Here on R1 first: ip domain-name cisco.com. That's it. Now on switch 1: ip domain-name cisco.com. That's all for step four.

04:06

Step five is to generate the keys used to encrypt the packets. This is done with this command: crypto key generate rsa. Now we are asked for the modulus size, the length of the keys used for the encryption and decryption process. We're instructed to use 1024. There we go. Now let's do the same on R1: crypto key generate rsa, 1024. That's all for step 5.

04:45

Step six is now to configure the VTY lines. There are a few requirements, and let's configure them one by one. On R1 first: line vty 0 15, again meaning line 0 through 15. login local, that's the same command used last time, meaning we will have to use the user account we created previously to log into the VTY lines when we connect. transport input: last time we used telnet, now we'll enter ssh. This will allow only SSH, not Telnet, to be used to connect to the VTY lines. The third requirement for this lab is to terminate connections after five minutes of inactivity. This is an important security measure. It is done with this command: exec-timeout. Now I'll use the question mark. Any time you have to input some amount of time, check the unit of time used for the command. You don't want to enter 5 for 5 minutes if it ends up being 5 seconds. In this case we can see it is entered in minutes, so I'll just enter 5. Always remember that for commands involving time. Now I'll quickly hop on switch 1 and enter the same commands: line vty 0 15, login local, transport input ssh, exec-timeout 5. That's all for step 6.

06:24

Step seven is to enable SSH version 2. Version 2 improves on weaknesses of version 1. If you want to learn more about this sort of thing, I recommend pursuing Cisco's security certification path, where you will learn all about this sort of thing. For now, just remember that you should use SSH version 2 whenever possible. You can enable it with this command: exit, ip ssh version 2. That's it. Now we'll do it on R1: exit, ip ssh version 2. That's it.

07:07

Finally, let's see if we can connect to the command line of each device from PC1 by using SSH. First, let's see if Telnet works. I'll try to telnet to switch 1: telnet 192.168.1.2. As you can see, it doesn't work. This is because of that transport input ssh command we used before. Now let's try SSH. That is done with this command: ssh -l Cisco, Cisco being the username we are connecting with, which we configured on switch 1 and R1, followed by the IP address 192.168.1.1. Enter the password of CCNA in all caps, and there we go, we're on switch 1. Now I'll type exit and try R1: ssh -l Cisco 192.168.1.1, password of CCNA, and now we're on R1. Take note of the difference between the command used to telnet and the command used to SSH onto the switches and routers. These are the standard commands used on Windows. Anyway, that's all for this lab.

08:33

Thank you for watching. I hope this lab and video have been helpful for you. Please subscribe for future labs like this, which will be released weekly. If you have requests for any specific labs, let me know in the comment section. If you want to support my channel, please consider contributing to my Patreon, patreon.com / Jeremy's IT Lab. I accept Bitcoin and Ethereum donations via the addresses in the description. I am also a Brave verified publisher and accept BAT, or Basic Attention Token, donations in the Brave browser.


Related tags: CCNA Lab, Cisco SSH, Network Security, Telnet vs SSH, IT Tutorials, Encryption, Secure Shell, Router Config, Switch Setup, Cybersecurity