SSH: SECURE SHELL PROTOCOL
- Telnet traffic is sent in clear text, so it is not secure.
- SSH is a client/server protocol that encrypts the traffic in and out through the vty ports.
- By default, Cisco routers and switches act as SSH clients.
- To make Cisco routers and switches act as SSH servers, they must be configured.
- Authentication is required to connect clients.
- This authentication can be a username and password, or authentication with an AAA server.
- There are 2 versions of SSH.
- Version 2 is more secure than version 1.
- Cisco devices support both versions.
- You must specify which version you want to use.
- Configuring a basic SSH server requires the following steps:
- Check whether the IOS supports SSH or not.
- Configure a host name (if already configured, leave it).
- Configure a domain name (if already configured, leave it).
- Configure a client authentication method.
- Generate the RSA keys on the router or switch; they will be used to encrypt the session.
- Specify the SSH version if you want to use version 2.
- Disable telnet on the VTY lines.
- Enable SSH on the VTY lines.
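
The steps above as one IOS session, using local username/password authentication. This is an added example, not part of the original notes; the host name R1, the domain example.com, the user admin, the password placeholder, the 2048-bit modulus and the vty range 0 4 are all assumptions to replace with your own values.

```cisco
! Step 1: check that the image supports SSH. If this command is not
! recognized, the image has no SSH support.
show ip ssh

configure terminal
 ! Steps 2 and 3: the RSA key pair is named after hostname + domain name,
 ! so both must be set before generating keys (skip if already configured).
 hostname R1
 ip domain-name example.com

 ! Step 4: client authentication method, here a local user.
 ! <strong-password> is a placeholder; "secret" stores it hashed.
 username admin secret <strong-password>

 ! Step 5: generate the RSA keys used for the SSH session.
 crypto key generate rsa modulus 2048

 ! Step 6: accept SSH version 2 only.
 ip ssh version 2

 ! Steps 7 and 8: "transport input ssh" allows SSH and, by not listing
 ! telnet, disables it. Apply this to every vty line the device has.
 line vty 0 4
  login local
  transport input ssh
 end

! Confirm that the SSH server is enabled and which version it runs.
show ip ssh
```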