Never use TELNET! How to configure SSH on a Cisco Router.

Captions
[Music]

Hello everyone, my name is Raphael, and welcome to Network Engineer Pro. In today's video I'm going to show you how to configure SSH on a Cisco router. But first, what is SSH, and why should you even care?

Well, you're working as a network engineer and you just racked and stacked a brand new router or switch in your IT closet, or maybe somewhere in the data center. You connected to it with that awesome blue console cable on the device's console port, you gave it a management IP address, and now you can ping it. But now you need to connect and manage it remotely, right? Obviously you don't want to have to be on site, physically connected to the router's console port, every single time you want to configure it. So what are your options?

Well, one option is Telnet. Sure, it's easy to set up, but it's not secure. That's right, guys: everything is sent in clear text, so data like usernames and passwords can be seen when doing a packet capture. So it's a security risk, right? But don't just hear it. Give me 60 seconds; I'm gonna show you exactly what I mean when I say that Telnet is unsecure.

All right, so if you look in the upper right-hand corner, you're gonna see I have router one and router two, and I have a packet capture running on router one's gig 0/0 interface. So what I'm gonna do is I'm going to telnet from router 1 to router 2. Then after that we're going to look at the packet capture and see what it shows us. Get in here.

All right, so I'm going to go to privilege mode, and I'm going to say telnet, and I'm going to telnet to router 2's IP, which is 192.168.1.2. All right, so it's asking us for a username to log in. So the username is admin, the password is cisco, and I want you guys to remember that the username is admin and the password is cisco. Now let me just do a quick show command: show ip interface brief. All right, good, good, good. All right, so now that we have telneted from router 1 to router 2 successfully, we logged in, we did a show command, let's look at the packet capture really quick.

All right, so what I'm going to do here is I'm going to filter all this out. I just want to say telnet, so I only see the captures that are using the protocol Telnet. So here we have Telnet, we have some information. Let's go ahead and just scroll down and let's just see what we see.

So, okay, so we have a username prompt, right, when it prompted us for our username. And what I want to say is, what was our username? Our username was admin, right? So you can see here in the data, right, that's the first letter that we typed. So let's just keep going down: a, d, m, i, n. Whoa, hold on, that's the username I sent, in clear text, in this packet capture. Let's keep going. Okay, so here it's prompting us for our password, as you can see right here. Let's keep going down: c. Hold on, what was our password? Our password was cisco, right? c, i, s, c, o. Holy cow, our password is here in clear text. This is a big no-no. This is a huge security violation.

Let's keep going. Okay, so now we can see the prompt of router 2 that showed up. Show... what was our command that we did? We did show ip interface brief, right? sh, space, ip, space, int, space, b, r, i: brief. Show ip interface brief. And it showed us, and look at this, the output that router 2 gave us, the output from the show ip interface brief. All of this is in clear text. We cannot have this. I'm sure we can all agree that we're going to throw that Telnet option out the window.

The other option is going to be SSH. SSH is a protocol that stands for Secure Shell. By default it uses TCP port number 22, and it's used to remotely access and manage devices. And the great thing is that it uses encryption to make sure that the data that's transmitted is secure. With that being said, let's head to the CLI and get SSH configured.

All right, so we're finally ready for the configuration portion of this video. What we're going to do is we're going to configure router 2 for SSH, and the goal at the end of this is to be able to successfully SSH from router 1 to router 2.

Now we have a few tasks to get this accomplished. Step one is going to be to configure a hostname. Now, this router is a brand new router; the only configuration that's on this device is going to be the IP address on gigabit 0/0, which in our example is going to be 192.168.1.2. So like I said, step one is to configure the device hostname. Step two, we're going to configure an IP domain name. Step three is to configure and generate an RSA key pair. Step four is to create a user, and step five is to configure the VTY lines. So let's get started.

All right, so the first thing I'm going to do, I'm going to go into config t, and we're going to give the device a hostname. Since we're using router 2, I'm just going to keep it simple and say R2. After we've configured the hostname, let's go ahead and configure the IP domain name. So I'm going to say ip domain-name, and we're going to go with networkengineerpro.com.

Great. Now that we've created the hostname and the domain name, let's generate an RSA key. So I'm going to say crypto, oops, crypto key generate rsa. Now when I hit enter, you can see that the name for the key is going to be r2.networkengineerpro.com. That is a combination of our hostname and our IP domain name. Now by default, if you hit enter, it's going to generate the key with 512 bits. Let's go ahead and use 1024. Great. Now that the key has been generated, you can see here that SSH version 2.0 has been enabled. You have two versions, SSH1 and SSH2. SSH2 is going to be the preferred option.

Now that we have done that, let's go ahead and create a user. So we're going to say username admin, and I'm going to give it a privilege level of 15, and the password is going to be cisco. Great, so we're done with step four.

Let's go ahead and go to step five and configure the line VTY. So I'm gonna go to line vty 0 through 4, and the first thing we're gonna do is we're gonna say login local. Now what this means is that when you try to SSH to this router, it's going to ask you for a username, and it's going to look inside the local database for that username. Next, what we're going to do is we're going to say transport input, and we're going to hit question mark real quick because I want to show you something. By default you're going to be able to SSH and telnet into this device, but what we want to do is we want to make sure that we can only SSH. We don't want to be able to telnet into this router, so we're going to go with transport input ssh. If I wanted to be able to only telnet, I would say transport input telnet. If I didn't care and I wanted to be able to SSH and telnet, I would just say transport input all.

So now that we've done that and configured SSH, let's go ahead and test and verify that we can successfully SSH from router 1 to router 2. So the way I'm going to do this, I'm going to SSH from this router to another router, and the way to do this is ssh -l, and I'm going to specify the username that I created earlier, and I'm going to put the IP address that we're going to be SSHing into. This is going to be router 2's gig 0/0 interface. Excellent, I've been prompted for a password, and the password we created was cisco. And again, it's checking that login local command on the VTY to use the local username that we created earlier. So now that we're successfully SSH'd into router 2, let's do a quick show command: show ip interface brief. Awesome, it works great.

So let's hop back on router 2, and what I want to do is let's look at some show commands. Let's do show ssh. This is a good command. It's telling us that we have SSH version 2, and we have an inbound and outbound connection, and the username is going to be admin. Another helpful command that I like to do is show tcp brief. The output of the show tcp brief command is telling us that there is an SSH connection, right, port 22, to our IP address from this IP address, 192.168.1.1, which is router 1's IP address, and the state is established, and that's what you want to see when it comes to TCP.

Next, what I want to show you, I want to show you a packet capture, right? So I've been capturing on router one's gig 0/0 interface. Now that I have Wireshark open, what I'm gonna do, let me move this over just a little bit, and I'm gonna specify only SSH so we can see all the SSH packets that have been going on. And look here, so look at all these encrypted packets. So before, when we opened the Telnet portion, we were able to see exactly what the username was, and the password, and the output of the show commands that we tested. But if you see here, all this is encrypted. We can't see it. So I'm going to keep scrolling down, and look at all these packets: they're all encrypted. We're not able to see the contents like we did with Telnet. So this is why you want to use SSH, because it's more secure. In a real production environment you're almost never going to see people using Telnet.

All right, so just to sum everything up: we talked a little bit about Telnet and why it's not secure. I even showed you a packet capture during a Telnet session, and we could actually see the usernames and passwords being sent in clear text. After that we talked about SSH being the more secure and preferred option. I then showed you how to configure it, and we did some show commands to verify our work. After that we ended it with a packet capture showing that the data sent during an SSH session is in fact secure. Remember, the packet captures never lie.

All right, I hope you all enjoyed this video and learned something. If you did, don't forget to hit the subscribe button below, because the next one's coming out soon. Thanks everyone, have a great day.
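
The five configuration steps and the verification commands walked through in the captions above, collected as IOS CLI input. This is an added example, not taken from the video itself; the one-line `modulus` form of the key command and the hardened variant at the end (2048-bit key, `ip ssh version 2`, `secret` instead of `password`, session timeouts) are additions, and the passphrase is a placeholder.

```cisco
! === Lab configuration as described in the captions (R2) ===
configure terminal
 ! Steps 1 and 2: hostname + domain name together form the RSA key label
 hostname R2
 ip domain-name networkengineerpro.com
 ! Step 3: the captions answer the interactive prompt with 1024;
 ! the "modulus" keyword supplies the same value on one line
 crypto key generate rsa modulus 1024
 ! Step 4: local user checked by "login local"
 username admin privilege 15 password cisco
 ! Step 5: VTY lines authenticate locally and accept SSH only
 line vty 0 4
  login local
  transport input ssh
 end
!
! === Verification ===
! From R1:
!   ssh -l admin 192.168.1.2
! On R2:
!   show ssh          (SSH version and logged-in username)
!   show tcp brief    (port 22 session from 192.168.1.1, state ESTAB)
!
! === Hardened variant (added here; use in place of the matching lines) ===
configure terminal
 hostname R2
 ip domain-name networkengineerpro.com
 ! Larger key; on a router that already has keys IOS asks to replace them
 crypto key generate rsa modulus 2048
 ! Refuse SSHv1 clients explicitly
 ip ssh version 2
 ip ssh time-out 60
 ip ssh authentication-retries 3
 ! "secret" stores a hash instead of a recoverable password.
 ! <strong-passphrase> is a placeholder, not a value from the video.
 username admin privilege 15 secret <strong-passphrase>
 line vty 0 4
  login local
  transport input ssh
  ! Drop idle management sessions after 10 minutes
  exec-timeout 10 0
 end
```

IOS will not accept both a `password` and a `secret` for the same username, so the hardened variant is meant for a fresh configuration or after removing the lab user.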
Info
Channel: Network Engineer Pro
Views: 246
Keywords: ssh, secure shell, linux, configure ssh, enable ssh, enable ssh on cisco switch, enable ssh on cisco router, cisco, ccna, ssh tutorial, ssh keys, telnet, telnet vs ssh, telnet cisco router, telnet cisco switch, packet tracer, ssh cisco, ssh cisco configuration, how to configure ssh on cisco switch, how to configure ssh on cisco router, how to configure ssh in packet tracer, how to configure ssh on a cisco router and switch
Id: BjFjYOSg4gU
Length: 9min 19sec (559 seconds)
Published: Thu Jan 21 2021