Wednesday, 22 March 2023

Packet Tracer - Secure Shell (SSH) configuration on a router


Welcome to this tutorial! Here, we’ll have an overview of the Secure Shell (SSH) protocol, then see how to configure it on a router in Packet Tracer.

An overview of SSH

Secure Shell, just like Telnet, enables a user to access a remote device and manage it remotely. However, with SSH, all data transmitted over a network (including usernames and passwords) is encrypted and secure from eavesdropping.

SSH is a client-server protocol with an SSH client and an SSH server. The client machine (such as a PC) establishes a connection to an SSH server running on a remote device (such as a router). Once the connection has been established, a network admin can execute commands on the remote machine.

Configuring SSH on a router in Packet Tracer

For this tutorial, we’ll configure SSH on the router so that you, the admin, can access and manage it remotely using an SSH client on the admin PC.
And now on to it:
First, build the network topology.
Then do this basic IP configuration on the PCs and the Router:

Router

Router>enable
Router#configure terminal
Router(config)#int fa0/0
Router(config-if)#ip add 192.168.10.1 255.255.255.0
Router(config-if)#no sh

 
PCs

Device   IP Address     Default gateway   Subnet mask
PC1      192.168.10.2   192.168.10.1      255.255.255.0
PC2      192.168.10.3   192.168.10.1      255.255.255.0
PC3      192.168.10.4   192.168.10.1      255.255.255.0


Now, to set up SSH on the router, you’ll need to:

1. Set Router’s hostname

Router(config)#hostname R1


2. Set domain name

R1(config)#ip domain-name rupp.com


Both the hostname and domain name will be used in the process of generating encryption keys.

3. Now generate encryption keys for securing the session using the command crypto key generate rsa.

R1(config)#crypto key generate rsa
The name for the keys will be: R1.rupp.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

4. Set an enable password 

R1(config)# enable password admin
  
Note that this password is not used for the SSH login itself; it's only for entering the privileged EXEC mode of the router after you have reached its CLI remotely via SSH.

5. Set username and password for local login.

R1(config)#username rupp password rupp1


The password will have to be provided before you can access the CLI of the router when using SSH.

6. Specify the SSH version to use.

R1(config)#ip ssh version 2

7. Now connect to the VTY lines of the router and configure the SSH protocol.

R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local

That’s all for configuration. Move on to see if you can access the router remotely from the PC.

8. On the command prompt of PC2, open an SSH session to the remote router by typing the command: ssh -l rupp 192.168.10.1
rupp is the username set in step 5.

9. Provide the login password which you set in step 5 and press Enter. You should now be in the CLI of the router. Provide the enable password (the one you set in step 4) to access the privileged EXEC mode.



You can proceed and do configurations on the Router. You’re now managing the router remotely from the PC2.
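
As an added example (not part of the original tutorial), the Python sketch below checks a router configuration for the settings from steps 1 to 7 and flags the two password commands whose values are not hashed in the configuration. The function names and the sample configuration text are constructed for illustration, and the input is assumed to be laid out like show running-config output.

```python
import re

# Constructed sample: the configuration lines entered in steps 1-7 above.
TUTORIAL_CONFIG = """\
hostname R1
ip domain-name rupp.com
enable password admin
username rupp password rupp1
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = blocks.setdefault(" ".join(raw.split()), [])
        elif raw.startswith(" ") and current is not None:
            current.append(" ".join(raw.split()))
        else:
            current = None  # any other top-level line closes the section
    return blocks

def audit_ssh(config):
    """Return findings for the SSH setup; entries starting 'WEAK' are hardening notes."""
    top = [" ".join(l.split()) for l in config.splitlines() if l[:1] not in ("", " ", "!")]
    required = {
        r"hostname (?!Router$)\S+$": "MISSING hostname (names the RSA key pair)",
        r"ip domain-name \S+$": "MISSING ip domain-name (names the RSA key pair)",
        r"ip ssh version 2$": "MISSING ip ssh version 2",
        r"username \S+ (password|secret) ": "MISSING local username for login local",
    }
    findings = [msg for pat, msg in required.items() if not any(re.match(pat, l) for l in top)]
    blocks = vty_blocks(config)
    if not blocks:
        findings.append("MISSING line vty section")
    for header, cmds in blocks.items():
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: transport input is not restricted to ssh")
        if "login local" not in cmds:
            findings.append(f"{header}: login local not set")
    if any(l.startswith("enable password") for l in top):
        findings.append("WEAK enable password is not hashed in the config; use enable secret")
    if any(re.match(r"username \S+ password ", l) for l in top):
        findings.append("WEAK username ... password is not hashed in the config; use username ... secret")
    return findings
```

Running audit_ssh(TUTORIAL_CONFIG) returns only the two WEAK entries. The RSA modulus size chosen in step 3 does not appear in the configuration text, so it is outside this check.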


Note:

- login local vs. login: my quick and easy way to remember it is: login = you need 1 piece of ID to get in, a password; login local = you need 2 pieces, both a username and a password.

- line console 0 vs. line vty: console 0 is the physical console port on the switch/router you plug into; line vty is used when you remote into the switch/router via Telnet or SSH.

 

 
