Packet Tracer 1.3.6 - Configure SSH

Captions
Hi everyone, this video covers Packet Tracer 1.3.6, Configuring SSH. This Packet Tracer assignment is a part of the Switching, Routing, and Wireless Essentials version 7 Cisco Networking Academy curriculum.

So in this assignment we've got PC1 and we've got switch one. Now, they are connected directly together; however, they wouldn't necessarily have to be for this lab. They could just both be connected to the internet at large and have their IP addressing configured, because what we're covering is a remote connection. So for instance, if you were sitting on the beach and you wanted to log into your switch or your router, you could use one of two options to remotely log in, and that would be either through Telnet or through SSH. Both are remote connections with their pros and cons individually, and we'll talk about those. We've covered both of them previously in the Intro to Networks, so this is a little bit of a review.

So using PC1, first we're going to telnet into S1, so we're remotely logging into it. Now, if you remember, Telnet has its inherent difficulties or challenges, the main one being that since this is a remote connection (think about, again, if you are sitting on the beach or in Starbucks trying to remote into your router or switch), you're going to have to type in a username and password that you have previously set up locally on the switch. Now, when you use Telnet, unfortunately that information is passed over the internet in plain text, meaning if somebody was sitting at Starbucks next to you and decided to sniff their network traffic, they could easily see exactly the username and password that you sent back and forth to the router or the switch to log in.

So let's see what that looks like. We've already got that set up on S1, so we're going to go to PC1 and go to the command prompt, and we're going to type in telnet, and we're going to type in the IP address for switch one, which is 10.10.10.2 up there. Now again, remember you cannot assign an IP address to a physical interface on a regular layer 2 switch, but you can to the VLAN interface. This allows you to be able to remote into it only.

All right, so we're going to type in our password here, which is all lowercase cisco, from our directions. Again, it will not show you typing, so when you type cisco it will not come up on the screen. You press enter afterwards and it'll come up with the enable prompt right here, or your exec mode, and you can type enable to go to privileged exec mode. This password is also cisco. You press enter and now you are in privileged exec mode. So from here, remember, you can save your running configurations, you can also show the configurations that you currently have configured, in depth for certain prompts in certain configurations, and then you could also go to config mode with config t.

So here they first want you to save your current configuration, so I'm going to type copy run start, and you press enter twice to save that locally. And it says to show our current configuration and note that the passwords are in plain text. So if I do show run, you see here my console, local console pass, or sorry, my enable secret is, uh, cisco, and they actually didn't even use enable secret, they used enable password, so that means it will not be stored encrypted. Same thing here for my remote login. And remember, because we just did line vty 0 through 15, that means up to 16 people can log into this switch; each person that logs in is assigned a channel number. Because we didn't set anything except for the password, and just noted people to be able to log in, it is going to use Telnet. So all this stuff is sent in plain text, and is even stored in plain text on the switch.

So the first thing is we want to encrypt those passwords that are stored locally. Now again, that's still not going to solve Telnet's problem of sending the information in plain text over the internet, but it will solve the issue of, if somebody were to break into your router or switch configurations, that they won't be able to just see it when they type show run. So here we want to do service password-encryption for that, and then you go back and do a do show run. Remember, the do command allows us to be able to type in our configuration syntax no matter where we are in our system. So I hit enter here, and you now see, instead of seeing the word cisco, you actually see a random bunch of letters and numbers. So it was run through a hash algorithm and this is what you have in the end. But again, that still doesn't solve our problem with Telnet.

So let's set up SSH. SSH is actually a method of sending that information, as long as you set it up beforehand just like with Telnet, encrypted across the internet, but there are a few more steps to setting that up. So first we want to configure a domain name. We're going to configure the domain name to netacad.pka, so our command is ip domain-name netacad.pka. Hit enter. Next they want us to generate some RSA keys using the 1024-bit length. These are the encryption keys that are automatically generated by the RSA algorithm. So we're going to do crypto key generate, is the command, rsa. You press enter and it asks you how many bits do you want it to be. Now, by default it's 512, so you actually have to type in 1024 here to up the encryption level. Then you press enter and it says generating 1024-bit RSA keys; they will be non-exportable, meaning they are locally on the system and you can't export these, because again that would create a security risk.

So next we want to set up our username on our system, and we want to set up a local username of administrator, from the directions. So we want to do username administrator (all right, make sure you spell it correctly or it won't give you credit), and then instead of a regular password we want to do an encrypted one, of secret. So we'll type secret instead of the word password here, and cisco, all lowercase. What that's going to do is set up a local username of administrator, and the secret is going to be, or the password is going to be, cisco; it's just going to be encrypted since we use the secret syntax or option there.

All right, next we're going to go to our vty lines, so we'll do line vty 0 4, or sorry, 0 15, because we want to do all of them in one fell swoop. Then we're going to remove the login, so no login and no password cisco, from what it was earlier. Then we're going to force it to use SSH, so we're going to do login local so that it will use the local database, and we're going to force it to use SSH, so transport input ssh. All right, you see now we're at a hundred percent for our lab, so everything should be working, but let's test it out.

It says exit the Telnet session, attempt to log back in, and see if that works, because right now we're still logged in through Telnet, right? So I type exit a bunch until it says closed, then I'm going to do telnet 10.10.10.2, press enter, and you see it doesn't work. Right, now we can do SSH, because we ended the ability to do Telnet. So if you type ssh in the command prompt to see how you use it, you'll see that, and you can press enter without any options there; it'll give you kind of the syntax that you need. So it's ssh -l, all right, our username is administrator, and then our target is our IP address, so 10.10.10.2. You press enter here, you see it asks you for the password, which was cisco. Press enter and voila, we are now back into our switch, and you can do the same things as far as show runs, saving your configurations, and so on.

And you see all of our stuff that we have set up here: username administrator and the secret or password is encrypted, our IP domain name, and you see here under the remote logins and the line vty for 0 through 15, you see login local and transport input ssh. So that is much more secure when we start sending that information over the internet. So that is a recap on how to configure a secure connection for logging in remotely to a switch or a router.
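
An added example, not part of the video or the Packet Tracer activity: a small Python audit that checks a saved running-config for the remote-access settings the walkthrough changes. Both sample configs are constructed, the `<...>` values are placeholders, and treating a vty line with no `transport input` command as Telnet-capable is an assumption that matches the switch's behaviour in the video.

```python
import re

# Constructed sample configs (not exported from the lab file): S1 as the
# video finds it, and S1 after the steps the video walks through.
BEFORE = """\
enable password cisco
line vty 0 15
 password cisco
 login
"""
AFTER = """\
service password-encryption
enable password 7 <type7-placeholder>
ip domain-name netacad.pka
username administrator secret 5 <md5-placeholder>
line vty 0 15
 login local
 transport input ssh
"""

def audit(config):
    """Return findings for the remote-access weaknesses the video covers."""
    findings = []
    lines = config.splitlines()
    if "service password-encryption" not in [l.strip() for l in lines]:
        findings.append("global: service password-encryption is off")
    if any(re.match(r"enable password\b", l) for l in lines):
        findings.append("global: enable password used instead of enable secret")
    # Group indented sub-commands under their 'line vty' header.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line vty"):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current:
            blocks[current].append(l.strip())
        else:
            current = None
    for name, cmds in blocks.items():
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        # Assumption: with no 'transport input' line, Telnet is accepted,
        # which is how the switch behaves in the video.
        if not transport or set(transport[-1]) & {"telnet", "all"}:
            findings.append(f"{name}: Telnet allowed")
        if "login local" not in cmds:
            findings.append(f"{name}: no per-user login (login local missing)")
        if any(re.match(r"password (?!7 )", c) for c in cmds):
            findings.append(f"{name}: plain-text line password")
    return findings
```

Running `audit(AFTER)` still reports the `enable password` line, which the lab steps leave in place.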
Info
Channel: Anthony Lucas
Views: 8,478
Id: RKcYVlRC5kc
Length: 9min 5sec (545 seconds)
Published: Thu Jan 28 2021