In today’s world of networking, securing remote access to routers has become a top priority. The most common way of accessing routers remotely is through Telnet, but it is an unsecured protocol that sends all data, including passwords, in plain text. Anyone with access to the network can potentially intercept and read the data.
To overcome this problem, Cisco routers come with Secure Shell (SSH) protocol support. SSH provides secure remote access to routers by encrypting all data, including passwords, and is widely considered a more secure alternative to Telnet.
In this article, we will discuss how to secure remote access to a Cisco router using SSH. We will assume that the router is already configured with a hostname, domain name, and an IP address on an interface.
Firstly, generate RSA keys on the router using the “crypto key generate rsa general-keys modulus 4096” command. This command generates a public/private key pair, and the modulus size is set to 4096 bits, which is currently considered a secure key length. The router names the key pair after its hostname and domain name, which in this case gives “ccna.ccnaguru.com”.
Next, enable SSH version 2 on the router using the “ip ssh version 2” command. This command forces the router to use SSH version 2, which has better security features than version 1. Set a timeout for SSH connections using the “ip ssh time-out” command, which specifies the number of seconds the router will wait for a response from the client. Additionally, set the number of authentication retries for SSH connections using the “ip ssh authentication-retries” command.
To allow SSH connections, configure the VTY lines using the “line vty 0 15” command. Transport input is set to SSH using the “transport input ssh” command, and the “login local” command tells the router to authenticate users using the local username and password database.
Create a local user account on the router with the “username” command; in this case the username is “saeed” and the password is set to “ahmad”.
Finally, configure an IP address on the router interface, and enable it using the “no shutdown” command.
To connect to the router from a PC, use the “ssh” command followed by the username and IP address of the router. In this case, the command would be “ssh -l saeed 192.168.10.1”. The PC will prompt for the user’s password, which is “ahmad”.
In conclusion, SSH provides a secure way to access Cisco routers remotely, and configuring it is essential for network security. By following the steps outlined in this article, you can secure remote access to your Cisco router and prevent unauthorized access to your network.
Router>en
Router#conf ter
Router(config)#ip domain-name ccnaguru.com
Router(config)#hostname ccna
ccna(config)#crypto key generate rsa general-keys modulus 4096
The name for the keys will be: ccna.ccnaguru.com
% The key modulus size is 4096 bits
% Generating 4096 bit RSA keys, keys will be non-exportable...
[OK]
*Mar 1 0:3:4.769: %SSH-5-ENABLED: SSH 1.99 has been enabled
ccna(config)#ip ssh version 2
ccna(config)#ip ssh time-out 30
ccna(config)#ip ssh authentication-retries 5
ccna(config)#line vty 0 15
ccna(config-line)#transport input ssh
ccna(config-line)#login local
ccna(config-line)#exit
ccna(config)#username saeed password ahmad
ccna(config)#end
ccna#write
ccna#conf ter
ccna(config)#interface f0/0
ccna(config-if)#ip address 192.168.10.1 255.255.255.0
ccna(config-if)#no shutdown

To connect from PC to Router
PC> ssh -l saeed 192.168.10.1
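The settings above are easy to get subtly wrong (a VTY block that still allows Telnet, SSH version left at 1.99, a user stored with a readable “password” instead of a “secret”). The following Python script is an added example, not code from the article or from Cisco: it parses a constructed running-config text and reports which of the SSH hardening checks from the steps above are missing. Both sample configurations are constructed for the example, and the type 5 hash in the hardened sample is a placeholder, not a real hash.

```python
import re

# Constructed sample running-config (not captured from a real router): a weak
# configuration that still allows Telnet and stores the user's password readably.
WEAK_CONFIG = """\
hostname ccna
ip domain-name ccnaguru.com
username saeed password 0 ahmad
ip ssh version 1
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input all
 login
"""

# Constructed hardened sample, mirroring the article's values for time-out and
# retries, but using "secret" so the config stores a hash rather than the password.
# The hash below is a PLACEHOLDER, not a real type 5 digest.
HARDENED_CONFIG = """\
hostname ccna
ip domain-name ccnaguru.com
username saeed secret 5 $1$PLACEHOLDER$xxxxxxxxxxxxxxxxxxxxxx
ip ssh version 2
ip ssh time-out 30
ip ssh authentication-retries 5
line vty 0 15
 transport input ssh
 login local
"""


def parse_vty_blocks(config):
    """Return [(block_label, [sub-commands])] for every 'line vty ...' block.

    IOS indents sub-commands of a line block with one space; an unindented line
    ends the block.
    """
    blocks = []
    current = None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = (raw.strip(), [])
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = None
    return blocks


def audit_ssh_config(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    global_lines = [l.strip() for l in config.splitlines() if not l.startswith(" ")]

    # Only SSHv2 should be negotiated; without this line the router offers 1.99.
    if "ip ssh version 2" not in global_lines:
        findings.append("ip ssh version 2 not set (SSHv1/1.99 negotiation allowed)")

    # 'username ... password' (type 0 or reversible type 7) exposes the credential
    # to anyone who can read the config; 'username ... secret' stores a hash.
    for line in global_lines:
        m = re.match(r"username (\S+) password", line)
        if m:
            findings.append(f"user {m.group(1)} stored with 'password' instead of 'secret'")

    if not any(l.startswith("ip ssh time-out") for l in global_lines):
        findings.append("ip ssh time-out not set (negotiation timeout left at default)")

    # Every VTY block must accept SSH only and authenticate against local users.
    vty_blocks = parse_vty_blocks(config)
    if not vty_blocks:
        findings.append("no 'line vty' block found")
    for label, lines in vty_blocks:
        transports = [l for l in lines if l.startswith("transport input")]
        if not transports or transports[-1] != "transport input ssh":
            findings.append(f"{label}: transport input is not restricted to ssh")
        if "login local" not in lines:
            findings.append(f"{label}: login does not use the local user database")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for finding in audit_ssh_config(cfg) or ["all checks passed"]:
            print(" -", finding)
```

Run it against the output of “show running-config” saved to a file to check a real device; the VTY parser deliberately treats each “line vty” range separately, since a router that restricts “line vty 0 4” but leaves “line vty 5 15” on “transport input all” still accepts Telnet.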