Steps to Configure SSH on a Switch/Router


We often need to telnet or SSH into a router to perform administrative tasks. SSH is preferred over Telnet because SSH encrypts the data in transit, while Telnet does not. If Telnet packets are captured with sniffing software such as Wireshark, the person who captured them can read everything in the session.

Here I will show how to configure both Telnet and SSH on a Cisco router. The steps are the same for switches.

First of all, we need to power on the router.

We assume that we have a HyperTerminal session with the router, from which we will configure it to accept Telnet/SSH sessions.

Steps for setting up Telnet:
 1. From global config mode, set a hostname (optional):
Router(config)#hostname CKRTR1
 2. Assign an IP address to one of the router's interfaces from interface configuration mode:
CKRTR1(config)#interface fastEthernet 0/1
CKRTR1(config-if)#ip address 192.168.10.1 255.255.255.0
CKRTR1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
CKRTR1(config-if)#exit
 3. Next, we need to go to line vty configuration mode:
CKRTR1(config)#line vty 0 15
CKRTR1(config-line)#password admin123
CKRTR1(config-line)#login
CKRTR1(config-line)#^Z
CKRTR1#copy run start

Note: For Telnet we have to set a password. Running without one is a security risk, and by default the router will not allow a login without it. If we understand the risk and still do not want a password on the vty lines, we can change this default behaviour: go under the vty lines, remove the password with "no password" if one is set, and most importantly enter "no login". When "no login" is set, Telnet sessions start without any kind of authentication.

And we are done configuring the router. We can test it by opening a Telnet session from a PC on the LAN segment.
PC>telnet 192.168.10.1
Trying 192.168.10.1 ...Open

User Access Verification

Password: admin123
CKRTR1>


Now that we know how to configure a router for Telnet sessions, we will now see how to configure the router for SSH sessions (because we know that SSH is more secure than Telnet).

Steps to configure SSH:
 1. We need to set a domain name regardless of whether we actually use the domain; it is used to create the SSL certificate, so defining a domain name is mandatory.
CKRTR1(config)#ip domain-name computerkorner.org
CKRTR1(config)#
 2. Next we need to create a user account on the router:
CKRTR1(config)#username gray
CKRTR1(config)#
 3. Next we need to generate the RSA keys that SSH connections require for authentication and data encryption.
CKRTR1(config)#crypto key generate rsa
The name for the keys will be: CKRTR1.computerkorner.org
Choose the size of the key modulus in the range of 360 to 2048 for your
 General Purpose Keys. Choosing a key modulus greater than 512 may take
 a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

CKRTR1(config)#  

Note: I have chosen 1024 bits; the default for this router is 512. This value simply sets the number of bits in the generated keys.

 4. Define the SSH version; the standard is 2:
CKRTR1(config)#ip ssh version 2
CKRTR1(config)#

 5. Next we need to configure the VTY line to accept only SSH connections.
CKRTR1(config)#line vty 0 15
CKRTR1(config-line)#transport input ssh 
CKRTR1(config-line)#password sshadmin
CKRTR1(config-line)#login

And we are done with the minimum requirements for accepting SSH connections from remote hosts. I assume that one of the router interfaces has been assigned an IP address, as shown in the Telnet configuration part. From the LAN segment we will first try to open a Telnet session and then an SSH session.

PC>telnet 192.168.10.1
Trying 192.168.10.1 ...Open

[Connection to 192.168.10.1 closed by foreign host]
PC>

Telnet will not work because we have configured the VTY lines to accept only SSH connections.

PC>ssh -l gray 192.168.10.1
Open
Password: sshadmin

CKRTR1>
CKRTR1>

So now we see that the router accepts only SSH connections, and Telnet connections are refused.
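
The same result can be checked from a saved configuration instead of by connecting. The Python script below is an added example, not part of the original article: it scans a running-config for the settings covered above (SSH version 2, a domain name, SSH-only "transport input", and "no login" on the vty lines). The sample configuration, the function names, and the rule that a vty block without "transport input" counts as not SSH-only are assumptions made for this example.

```python
import re

# Constructed sample config: the first vty block follows the SSH steps above,
# the second was left with Telnet allowed and "no login".
SAMPLE_CONFIG = """\
hostname CKRTR1
ip domain-name computerkorner.org
ip ssh version 2
line vty 0 4
 password sshadmin
 login
 transport input ssh
line vty 5 15
 no login
 transport input telnet ssh
"""

def parse_vty_blocks(config):
    """Return {header: [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith((" ", "\t")) and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config):
    """Return a list of (location, finding) tuples."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append(("global", "SSH version 2 not enforced"))
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append(("global", "no domain name set"))
    for header, cmds in parse_vty_blocks(config).items():
        transport = [c for c in cmds if c.startswith("transport input")]
        # Assumption: no 'transport input' line means the platform default
        # applies, which differs between releases, so it is flagged.
        protocols = transport[-1].split()[2:] if transport else ["(default)"]
        if protocols != ["ssh"]:
            findings.append((header, "accepts non-SSH transport: " + " ".join(protocols)))
        if "no login" in cmds:
            findings.append((header, "'no login' set: sessions start without a password"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Run against the sample, it reports only the second vty block, once for allowing Telnet and once for "no login".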

Hope this was helpful. If you have any questions, feel free to leave a comment.

