16.4.7 Lab - Configure Network Devices with SSH

Captions
Configure network devices with SSH (Secure Shell). Build this topology: a 4321 router, R1, a 2960 switch and one PC. Connect them using copper straight-through cables: GigabitEthernet 0/0/1 on the router to FastEthernet 0/5 on the switch, and FastEthernet 0/6 on the switch to the PC. Addressing table: router 1.1, switch 1.11, PC-A 1.3.

Secure Shell is a network protocol that establishes a secure terminal emulation connection to a router or other networking device. SSH encrypts all information that passes over the network link and provides authentication of the remote computer. SSH is most often used to log in to a remote device and execute commands; however, it can also transfer files using the associated Secure FTP (SFTP) or Secure Copy (SCP) protocols.

Required resources: in a real lab, a 4221 router; in a real lab, a 2960 switch and a Windows PC; console cables and Ethernet cables. In a real lab, verify that the devices are erased; otherwise you need to erase the startup configuration and reload the switches and routers.

Configure the router. Console into the router: use a console cable from the PC to the router, from the RS-232 port on the PC to the router. Open PC-A, Desktop, Terminal, OK. "Would you like to enter the initial configuration?" No. If you see this message on your router, that means your router is completely erased. Enter privileged EXEC mode: enable. Enter configuration mode: configure terminal. Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as though they were hostnames: no ip domain lookup. Assign class as the privileged EXEC encrypted password: enable secret class, Enter. Assign cisco as the console password and enable login: enter line console 0, set the password cisco and enable that password with the login command. Assign cisco as the vty password and enable login: enter line vty from 0 to 15, set the password cisco, enable login. Encrypt the plaintext passwords: exit, service password-encryption. Create a banner that will
warn anyone accessing the device that unauthorized access is prohibited: banner message of the day, "Unauthorized access is forbidden". Configure and activate the G0/0/1 interface on the router using the information contained in the addressing table: interface gigabit 0/0/1, IP address 192.168.1.1, subnet mask; enable the interface with the no shutdown command. Save the running configuration to the startup configuration file: end, copy running-config startup-config, Enter and Enter.

Configure PC-A: IP address, subnet mask, default gateway. Use this: 1.3, default gateway 1.1. Close the terminal and open IP Configuration: 192.168.1.3, subnet mask, default gateway 1.1. Verify network connectivity: ping R1 from PC-A. Access PC-A, go to Command Prompt, then ping the router. The IP address of the router is this one, 1.1: ping 192.168.1.1. Success.

Configure the router for SSH access. Using Telnet to connect to a network device is a security risk because all the information is transmitted in clear text format. SSH encrypts the session data and provides device authentication, which is why SSH is recommended for remote connections. You will configure the router to accept SSH connections over the vty lines.

Configure device authentication: the device name and domain are used as part of the crypto key when it is generated; therefore these names must be entered prior to issuing the crypto key command. Configure the device name. OK, access the router with the console cable, with the terminal program. Global configuration mode with configure terminal, then set the hostname R1. Domain name: ip domain-name, for example ccna-lab.com, or choose any other domain. Configure the encryption key method: crypto key, crypto key generate rsa modulus 1024 bits, Enter. Packet Tracer does not support this command; this command is supported on a real device. Packet Tracer accepts the following commands to do the same process: crypto key generate
rsa, Enter, modulus 1024. Very nice.

Configure a local database username: configure a username using admin as the username and Adm1nP, this character, 55 as the password. Username admin, and set this password, but use the encrypted password with the secret keyword, then type the password; it is case sensitive: A d m 1 n P, this character, 5 5. Enter. Very good.

Enable SSH on the vty lines: enable Telnet and SSH on the inbound vty lines using the transport input command. First of all, access the vty lines: line vty from 0 to 15. Remember, 0 to 15 are 16 connections; from 0 to 15 you have 16. Now transport input telnet ssh. Why telnet ssh? Because it enables Telnet and SSH on the vty lines: telnet ssh, Enter. Packet Tracer does not support this command, but this command is supported by a real device. If you have a real router you can set the transport input to Telnet and also SSH; in Packet Tracer you can select only one, either Telnet or SSH, only one. So I will use only SSH. Enter; the command is accepted.

Continue: change the login method to use the local database for user verification, and apply login local. OK, the login will use the local database, and the local database has the username admin and the password, so you will use this username from the local database for SSH access. Save the running configuration to the startup configuration: end, copy running-config startup-config, Enter, Enter.

Establish an SSH connection to the router: start Tera Term from PC-A. On a real device, on a real PC, Tera Term is the program that you can use to access using SSH. This is the program. If you want to connect, enter here the IP address of the router, 192.168.1.1, use port 22 for SSH and select SSH, then click OK. Also, to access SSH you can use PuTTY: you can set here the IP address of the router and here SSH on port 22, then Open to connect to the router. In my lab with Packet Tracer there are two methods. OK, exit from the terminal, go to
Command Prompt. The first method is to use ssh with the option l; this is not a one, it is an l: -l, the username admin, the IP address of the device; this is the IP address of the router. That is ssh, option l, admin, which is the username configured on the router for SSH access, and the address of the router. Press Enter. The password is this; remember the password for admin is case sensitive: A d m 1 n P, the character, 5 5. Enter. Then you will see the banner and the prompt from R1. enable, and the password for enable is class. You have access using SSH. Exit. There is another method, down here, Telnet / SSH Client: use SSH, the IP address, username admin, connect, and set the password: A d m 1 n P, the character, 5 5. Very nice. Let's see, yes. Close this. No... yes, OK.

Configure the switch for SSH access. Configure basic settings on the switch. Console into the switch: OK, change the console cable to the switch console port. Go to PC-A, Terminal, OK. Enter privileged EXEC mode: enable. Configuration mode: configure terminal. Disable DNS lookup: no ip domain lookup. Class as the privileged EXEC encrypted password: enable secret class. Cisco as the console password and enable login; cisco as the vty password and enable login. Access the console: line console 0, password cisco, login. Then line vty 0 to 15, password cisco, login, exit. Encrypt the plaintext passwords: service password-encryption. Create a banner: banner message of the day.

Then configure and activate the VLAN 1 interface on the switch according to the addressing table. The VLAN interface is VLAN 1, and use this IP address, 1.11: interface vlan 1, type the address 192.168.1.11, subnet mask /24, and don't forget to enable this interface: no shutdown, Enter. Exit and set the default gateway: ip default-gateway 192.168.1.1. Save the running configuration to the startup configuration: end, copy running-config startup-config, Enter.

Configure the switch for SSH connectivity with the same commands that you used to configure SSH on the router. Device name: configure
terminal. The device name is configured in global configuration mode: hostname S1. Domain: ip domain-name, ccna-lab.com. Encryption key: crypto key generate rsa modulus 1024 bits. This command is not supported by Packet Tracer but should be supported on a real switch. The command accepted in Packet Tracer is this: crypto key generate rsa, and set the modulus to 1024. Very nice.

Configure a local database username. Use the same username: username admin, the secret password; the encrypted password should be this, the secret password: A d m 1 n P, this character, 5 5, case sensitive. Enter.

Enable Telnet and SSH on the vty lines. Access the vty lines: line vty 0 to 15. Sorry, exit; line vty 0 to 15, and enable Telnet and SSH: transport input telnet ssh. OK, this command is not supported by Packet Tracer but should be supported on a real switch. In Packet Tracer you cannot use both; you will use only one, either Telnet or SSH. In my case I will use only SSH, and the command is accepted. Change the login method to use the local database for user verification: login, use the local database, login local. So you will use the username and password created in the local database to access the switch using SSH. OK, and save the configuration: end, copy running-config startup-config, Enter, Enter.

Establish an SSH connection to the switch: use Tera Term from PC-A. From the PC, close the terminal. Now access the switch from the Command Prompt: ssh -l, the username admin, and the IP address of the switch, 192.168.1.11. OK, remember this is not a one, this is an L. Enter. Password: A d m 1 n P, the character, 5 5. Enter. enable, class. You are on the switch S1. Exit. Are you able to establish an SSH session with the switch? Yes. SSH can be configured on a switch using the same commands that were used on the router.

SSH from the command-line interface on the switch: the SSH client is built into the Cisco IOS and can be run from
the CLI. You will SSH to the router from the CLI on the switch. OK, access the switch: go to the terminal to access the switch. Now you are on switch S1. Enter. You have the console connection to S1 using the terminal on PC-A, and from switch S1, access the router using SSH: ssh -l, the username is admin, and use the IP address of the router, 1.1. The password: A d m 1 n P, the character, 5 5. And enable, class. Very nice.

You can return to S1 without closing the SSH session to R1 by pressing Ctrl+Shift+6; release the Ctrl+Shift+6 keys and press x. The switch privileged EXEC prompt displays. OK. Ctrl+Shift+6, Ctrl+Shift+6. OK, these keys are not working in Packet Tracer, but the main goal is that you can return to S1 without closing the SSH session. To return to the SSH session on R1, press Enter on a blank CLI line; you may need to press Enter a second time to see the router CLI prompt. OK, on a blank CLI line press Enter; the SSH connection will be re-established and you will access the router with SSH. To end the SSH session on R1, type exit. You are on R1; type exit. Now you are on S1.

But don't forget this step: use the question mark to display the parameter options available with the ssh command: ssh and the question mark. For example, the l option is "log in using this user name", so that's why you use the l option and this username to access. What versions of SSH are supported from the CLI? For example, on S1, verify that with the following command: ssh -v and the question mark. In this case version 1 or version 2 of SSH is supported. The 2960 switch running IOS version 15.0 supports SSH version 1 and version 2.

How would you provide multiple users, each with their own username, access to a network device? You would add each user's username and password to the local database using the username command. It is also possible to use a RADIUS or a TACACS server, but this has not
been covered yet; this is covered in CCNA Security. But, for example, on S1: configure terminal, create another username: user1, and the secret password will also be user1. Enter. Now exit, close this. Use the Command Prompt from the PC to access S1: ssh, option l, where the username is not admin, in this case it will be user1, and the IP address of the switch. Enter. The password is user1. Now you have access with another user, and you can add multiple users. Also you can set privileges and authorizations for those users, different privileges and authorizations, but this is covered in CCNA Security. Thank you.
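
A check for the configuration this lab produces, as an added example that is not part of the video: the script reads a saved running-config and reports missing SSH prerequisites (hostname, domain name, local user) and any vty line that still permits Telnet or does not use `login local`. The function names `line_sections` and `audit` and the sample configuration are constructed for illustration.

```python
import re
# Constructed sample: running-config lines of the kind this lab produces (hash is a placeholder).
SAMPLE_CONFIG = """\
hostname R1
ip domain-name ccna-lab.com
username admin secret 5 HASH-PLACEHOLDER
line con 0
 login
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 login
"""

def line_sections(config):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = sections.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command closes the section
    return sections

def audit(config):
    """Return findings for the SSH prerequisites and vty settings from the lab."""
    findings = []
    required = {"hostname": r"^hostname \S+",
                "domain name": r"^ip domain[- ]name \S+",
                "local user with secret": r"^username \S+ .*\bsecret\b"}
    for name, pattern in required.items():
        if not re.search(pattern, config, re.M):
            findings.append(f"missing {name}")
    for header, cmds in line_sections(config).items():
        if not header.startswith("line vty"):
            continue
        transport = next((c.split()[2:] for c in cmds
                          if c.startswith("transport input")), None)
        # Assumption: no 'transport input' line counts as Telnet-capable (defaults vary by IOS release).
        if transport is None or {"telnet", "all"} & set(transport):
            findings.append(f"{header}: Telnet permitted")
        if "login local" not in cmds:
            findings.append(f"{header}: not using the local user database")
    return findings

print("\n".join(audit(SAMPLE_CONFIG)))
```

On the sample, the first vty range is flagged because `transport input telnet ssh` leaves the clear-text protocol enabled, and the second because plain `login` checks the line password instead of the local user database.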
Info
Channel: Christian Augusto Romero Goyzueta
Views: 13,878
Keywords: cisco, itn, introduction to networks, v7.0, version 7.0, version 7, ssh, router, switch, secure shell
Id: 7oLSIJDYeMo
Length: 29min 52sec (1792 seconds)
Published: Mon Mar 23 2020