Welcome to this tutorial! Here, we’ll have an overview of Secure Shell (SSH) protocol, then see how to configure it on a switch and a router in Packet Tracer.
An overview of SSH
Secure Shell, just like Telnet, enables a user to access a remote device and manage it remotely. However, with SSH, all data transmitted over a network (including usernames and passwords) is encrypted and secure from eavesdropping.
SSH is a client-server protocol, with a SSH client and a SSH server. The client machine (such as a PC) establishes a connection to a SSH server running on a remote device (such as a router). Once the connection has been established, a network admin can execute commands on the remote device.
Configuring SSH on a router in Packet Tracer
For this tutorial, we’ll configure SSH on the router so that you as the admin can access and manage it remotely using an SSH client on the admin PC.
And now on to it:
First build the network topology.
Then do these basic IP configurations on the PC and the router:
Router
Router(config)#int fa0/0 Router(config-if)#ip add 10.0.0.1 255.0.0.0 Router(config-if)#no shut Router(config)#exit
PC : IP address 10.0.0.10 Subnet mask 255.0.0.0 Default gateway 10.0.0.1
Now, to set up SSH on the router, you’ll need to:
1. Set Router’s hostname
Router(config)#hostname myRouter
2. Set domain name
myRouter(config)#ip domain name admin
Both the hostname and domain name will be used in the process of generating encryption keys.
3. Now generate encryption keys for securing the session using the command crypto key generate rsa.
myRouter(config)#crypto key generate rsa The name for the keys will be: myRouter.admin Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
4. Set an enable password .
myRouter(config)# enable password admin
Note that this password is not for use with SSH; its only for use in accessing the privileged executive mode of the router after you are able to access its CLI remotely via SSH .
5.Set username and password for local login.
myRouter(config)#username admin password admin
The password will have to be provided before you can access the CLI of the router when using SSH.
6.Specify the SSH version to use.
myRouter(config)#ip ssh version 2
7.Now connect to VTY lines of the Router and configure the SSH protocol.
myRouter(config)#line vty 0 15 myRouter(config-line)#transport input ssh myRouter(config-line)#login local
That’s all for configuration. Move on to see if you can access the router remotely from the PC.
8. On the command prompt of the PC, open a SSH session to the remote router by typing the command: ssh -l admin 10.0.0.1
admin is the username set in step 5.
9. Provide the login password which you set in step 5 and press enter. You’re now probably in the CLI of the router. Provide the enable password (the one you set in step 4) to access the privileged executive mode.
You can proceed and do configurations on the Router.You’re now managing the router remotely from the PC.
That’s it!
At this point, let’s move on and configure SSH on a switch.
SSH configuration on a Switch
Here, we’ll configure SSH on a multi-layer switch. The commands remain almost the same as for the router; only that in a switch, we’ll use the IP address of its VLAN interface to access it from the PC.
So then, let’s move on.
- Begin by creating the network topology.
Then configure basic IP addressing on the PC and the switch. On the switch, we’ll assign an IP address to a VLAN interface, just as we’ve said.
Switch
Switch(config)#int vlan 1 Switch(config-if)#ip add 10.0.0.1 255.0.0.0 Switch(config-if)#no shut
Give the ADMIN PC IP address 10.0.0.10 /8
Now, to configure SSH on the multilayer switch, here are the steps.
1.Configure hostname
Switch(config)#hostname SW1
2. Configure IP domain name
SW1(config)#ip domain name admin
Both the host name and domain name will be used in the process of generating encryption keys.
3. Now generate encryption keys for securing the session.
SW1(config)#crypto key generate rsa The name for the keys will be: SW1.admin Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
4.Set an enable password.
SW1(config)#enable password admin
Again, note that enable password is not necessarily used in configuring SSH; it will allow the admin to access the privileged executive mode of the switch once a remote connection to the switch via SSH is established.
5. Set username and password for local login.
SW1(config)#username admin password admin
6. Specify the SSH version to use.
SW1(config)#ip ssh version 2
7. Now connect to the VTY lines of the switch and configure SSH on the lines.
SW1(config)#line vty 0 15 SW1(config-line)#transport input ssh SW1(config-line)#login local
That’s all for SSH configuration on the switch. Move on and try to access the switch remotely from the PC.
So then:
8. On the command prompt of the Admin PC, open a SSH session to the switch using the command ssh -l admin 10.0.0.1
Note that: admin is the username defined in step 5 while 10.0.0.1 is the IP address of the VLAN interface of then switch.
***command prompt***
Note:
- We used a multi layer switch because we couldn’t find support for SSH on layer 2 switches in Packet Tracer.
- We can still start a SSH session to a router/switch from another router/switch instead of a PC, as long as the router/switch supports SSH.
This concludes our tutorial on SSH.
All the best!
You may also like to read:
- Telnet configuration on a switch and a router in Packet Tracer.
- Configuring VLAN and interVLAN Routing in Packet Tracer
THANKS FOR YOUR HELP
LikeLike
thank you
LikeLike
This is a very nice one and gives in-depth information. I am really happy with the quality and presentation of the article. I’d really like to appreciate the efforts you get with writing this post. Thanks for sharing.
https://www.sevenmentor.com/ccna-course-in-pune-area.php
LikeLike
Thanks for the clear explanation!
I just wanted to add that to set a password for enable you could use “enable secret admin” it’s a genreally more secure way of encrypting the password than putting “service password-encryption” later on.
LikeLike
Hi, are you able to answer my question below?
LikeLike
Hi,
Where would you store the active key, back up key and start up key? In terms of this scenario
LikeLike
whats this shiiiit!!!!!!!!!!! my computer is buuuubm and now i type this comment n my fuking selfphone oshiiiiiit fuck you and your answert hhhhgh
h
LikeLike
Thank you so much !!! I have watched many tutorials in youtube and other websites BUT none was clear and well explained like this article thanks again.
LikeLike
Thanks for the clear explanation!
https://www.uiuxdesignschool.in/
LikeLike