Wednesday, May 23, 2012

SSH: SECURE SHELL PROTOCOL

  • Telnet traffic is sent in clear text, so it is not secure.
  • SSH is a client/server protocol that encrypts the traffic in and out through the vty ports.
  • By default, Cisco routers and switches act as SSH clients.
  • To make Cisco routers and switches act as SSH servers, they must be configured.
  • Authentication is required before clients can connect.
  • This authentication can be a username and password, or authentication with an AAA server.
  • There are 2 versions of SSH:
    • Version 2 is more secure than Version 1.
    • Cisco devices support both versions.
  • You must specify which version you want to use.
  • Configuring a basic SSH server requires the following steps:
    • Check whether the IOS image supports SSH.
    • Configure a host name (if already configured, leave it).
    • Configure a domain name (if already configured, leave it).
    • Configure a client authentication method.
    • Have the router or switch generate RSA keys, which will be used to encrypt the session.
    • Specify the SSH version, if you want to use version 2.
    • Disable telnet on the VTY lines.
    • Enable SSH on the VTY lines.
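
The steps above as one IOS CLI session (added example, not part of the original post). The host name R1, the domain example.com, the user admin and the placeholder password are assumed values; lines starting with `!` are comments.

```cisco
! Added example (not from the original post): basic SSH server setup on a
! Cisco IOS router. Host name R1, domain example.com, user admin and the
! password are assumed / placeholder values.
!
! Step 1: confirm the image supports SSH (a crypto/K9 image). If the command
! is not recognised, the image has no SSH support.
Router# show ip ssh
!
! Steps 2-3: a host name and a domain name are required before RSA keys can
! be generated (the key pair is named <hostname>.<domain-name>).
Router# configure terminal
Router(config)# hostname R1
R1(config)# ip domain-name example.com
!
! Step 4: client authentication method, here the local user database.
! "secret" stores a hashed password; "password" would store it reversibly.
R1(config)# username admin privilege 15 secret REPLACE_WITH_STRONG_PASSWORD
!
! Step 5: generate the RSA key pair used to protect the session.
! SSH version 2 needs a modulus of at least 768 bits; 2048 is recommended.
R1(config)# crypto key generate rsa general-keys modulus 2048
!
! Step 6: accept only version 2 (no fallback to the weaker version 1),
! and limit how long and how often a client may try to authenticate.
R1(config)# ip ssh version 2
R1(config)# ip ssh time-out 60
R1(config)# ip ssh authentication-retries 3
!
! Steps 7-8: on the VTY lines allow only SSH (this also disables telnet),
! authenticate against the local user database, and time out idle sessions.
R1(config)# line vty 0 4
R1(config-line)# transport input ssh
R1(config-line)# login local
R1(config-line)# exec-timeout 5 0
R1(config-line)# end
!
! Verify: SSH version, timeout and retries; current sessions; VTY config.
R1# show ip ssh
R1# show ssh
R1# show running-config | section vty
```

If `show ip ssh` still reports version 1.99, the server is accepting both versions; `ip ssh version 2` was not applied.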