5.2.1.4 Packet Tracer – Configuring SSH

5.2.1.4 Packet Tracer – Configuring SSH

From year to year, Cisco has updated many versions with difference questions. The latest version is version 6.0 in 2018. What is your version? It depends on your instructor creating your class. We recommend you to go thought all version if you are not clear. While you take online test with netacad.com, You may get random questions from all version. Each version have 1 to 10 different questions or more. After you review all questions, You should practice with our online test system by go to "Online Test" link below.

Version 5.02Version 5.03Version 6.0Online Assessment
Chapter 5 ExamChapter 5 ExamChapter 5 ExamOnline Test
Next Chapter
Chapter 6 ExamChapter 6 ExamChapter 6 ExamOnline Test
Lab Activities
 5.2.1.4 Packet Tracer – Configuring SSH
 5.2.2.7 Packet Tracer – Configuring Switch Port Security
 5.2.2.8 Packet Tracer – Troubleshooting Switch Port Security
 5.3.1.2 Packet Tracer – Skills Integration Challenge

Packet Tracer – Configuring SSH (Answer Version)

Answer Note: Red font color or Gray highlights indicate text that appears in the Answer copy only.

Topology

5.2.1.4 Packet Tracer – Configuring SSH

5.2.1.4 Packet Tracer – Configuring SSH

Addressing Table

DeviceInterfaceIP AddressSubnet Mask
S1VLAN 110.10.10.2255.255.255.0
PC1NIC10.10.10.10255.255.255.0

Objectives

Part 1: Secure Passwords

Part 2: Encrypt Communications

Part 3: Verify SSH Implementation

Background

SSH should replace Telnet for management connections. Telnet uses insecure plain text communications. SSH provides security for remote connections by providing strong encryption of all transmitted data between devices. In this activity, you will secure a remote switch with password encryption and SSH.

Part 1: Secure Passwords

  1. Using the command prompt on PC1, Telnet to S1. The user EXEC and privileged EXEC password is cisco.
  2. Save the current configuration so that any mistakes you might make can be reversed by toggling the power for S1.
  3. Show the current configuration and note that the passwords are in plain text. Enter the command that encrypts plain text passwords:
    • S1(config)# service password-encryption
  4. Verify that the passwords are encrypted.

Part 2: Encrypt Communications

Step 1: Set the IP domain name and generate secure keys.

It is generally not safe to use Telnet, because data is transferred in plain text. Therefore, use SSH whenever it is available.

  1. Configure the domain name to be netacad.pka.
    • S1(config)# ip domain-name netacad.pka
  2. Secure keys are needed to encrypt the data. Generate the RSA keys using a 1024 key length.
    • S1(config)# crypto key generate rsa
    • The name for the keys will be: S1.netacad.pka
    • Choose the size of the key modulus in the range of 360 to 2048 for your
    • General Purpose Keys. Choosing a key modulus greater than 512 may take
    • a few minutes.
    • How many bits in the modulus [512]: 1024
    • % Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

Step 2: Create an SSH user and reconfigure the VTY lines for SSH-only access.

  1. Create an administrator user with cisco as the secret password.
    • S1(config)# username administrator secret cisco
  2. Configure the VTY lines to check the local username database for login credentials and to only allow SSH for remote access. Remove the existing vty line password.

S1(config-line)# login local
S1(config-line)# transport input ssh
S1(config-line)# no password cisco

Part 3: Verify SSH Implementation

  1. Exit the Telnet session and attempt to log back in using Telnet. The attempt should fail.
  2. Attempt to log in using SSH. Type ssh and press Enter without any parameters to reveal the command usage instructions. Hint: The -l option is the letter “L”, not the number 1.
  3. Upon successful login, enter privileged EXEC mode and save the configuration. If you were unable to successfully access S1, toggle the power and begin again at Part 1.

From year to year, Cisco has updated many versions with difference questions. The latest version is version 6.0 in 2018. What is your version? It depends on your instructor creating your class. We recommend you to go thought all version if you are not clear. While you take online test with netacad.com, You may get random questions from all version. Each version have 1 to 10 different questions or more. After you review all questions, You should practice with our online test system by go to "Online Test" link below.

Version 5.02Version 5.03Version 6.0Online Assessment
Chapter 5 ExamChapter 5 ExamChapter 5 ExamOnline Test
Next Chapter
Chapter 6 ExamChapter 6 ExamChapter 6 ExamOnline Test
Lab Activities
 5.2.1.4 Packet Tracer – Configuring SSH
 5.2.2.7 Packet Tracer – Configuring Switch Port Security
 5.2.2.8 Packet Tracer – Troubleshooting Switch Port Security
 5.3.1.2 Packet Tracer – Skills Integration Challenge