
1/10/2015

e. REMOTE CONFIGURATIONS | CCNA Basics

CCNA Basics

Category Archives: e. REMOTE CONFIGURATIONS
August 13, 2012

5.1 SSH (SECURE SHELL)


Telnet is a great tool, but it is insecure. Telnet sends all information between you and the router in clear
text. This means that anybody may be able to intercept sensitive information and use it to gain
access to your router.
The standard tool used for establishing a secure connection to a Cisco router is Secure Shell (SSH).
SSH uses a cryptographic algorithm to encrypt information, making it difficult for someone to intercept
your username, password, or other information.
SSH works on Linux. If you are a Windows user, use the PuTTY SSH GUI client to enable SSH.
It is a great protection from sniffing, as it sends data in encrypted form, unlike Telnet.
Let two routers be connected via a cross-over cable. The IP address has been assigned to the interface as
shown in the figure below:

SETTING UP SECURE SHELL (SSH)


You must assign a hostname and domain name to your router before you can generate your
encryption keys.
http://ccnabasics.com/category/e-remote-configurations/


STEP 1: SET YOUR ROUTER'S HOSTNAME


We have already discussed how to assign a name to a router.
Example: let's call our router r-1

STEP 2: SET THE DOMAIN-NAME


Domain names are used in URLs (http://www.webopedia.com/TERM/U/URL.html) to identify
particular Web pages (http://www.webopedia.com/TERM/W/web_page.html). Example: when you
type www.facebook.com (http://www.facebook.com), facebook.com is the domain name.
In global config mode, use the command ip domain-name <name of domain>.
Example: let's set our domain-name to ccna.com

STEP 3: GENERATE THE RSA KEY


RSA is an algorithm (http://en.wikipedia.org/wiki/Algorithm) for public-key encryption. To
generate an RSA key for SSH, we need to specify the size of the key. Use the following command to
generate the RSA key for SSH.
In global config mode, use the command crypto key generate rsa.
Now specify the size of the key. The router displays the range from which you can choose the size
of the key. The size of the key is always given in bits.


When you press enter again after executing the above step, SSH will be enabled.

STEP 4: ENABLE SSH AND TELNET AS ACCESS PROTOCOL


Connect to the VTY lines of the router first, using the command line vty 0 ? in global config
mode.
Now configure SSH using the command: transport input ssh.
You can also configure TELNET using the command: transport input telnet.

STEP 5: SET USERNAME PASSWORD FOR SSH


Enter VTY line mode from global config mode.
Now to set username and password for SSH, use the command login local.
Exit config-line mode to global config mode and enter the username and password using the
command: username <username> password <password>
Exit.

STEP 6: VERIFY SSH


To verify working of SSH, use the command ssh -l <username> <IP address of router> in privileged exec mode.
Specify the password when the router prompts for it.

SSH COMMAND SUMMARY


hostname R-1
Sets the router's hostname to R-1. This command is used in global config mode.

ip domain name ccna.com
Sets ip domain-name to ccna.com. This command works in global config mode.

crypto key generate rsa
Generates an encryption key for SSH. This command works in global config mode. Hostname and domain-name are essentially required for this command.

How many bits in the modulus [512]:
Specify the size of the key.

How many bits in the modulus [512]: 1024
Key size set to 1024.

line vty 0 15
Enters config-line mode.

transport input ssh
Enables ssh. This command is used in config-line mode.

transport input telnet
Enables telnet. This command is used in config-line mode.

login local
This command is used to set username and password for local access of ssh. This command is used in config-line mode.

username student password cisco
It sets the local login username as student and the password as cisco. This command is used in config-line mode.

ssh -l student 192.168.10.1
This command is used to verify SSH. It is used in privileged exec mode. ssh -l is used to log in over SSH with username student. 192.168.10.1 is the IP address of the router which you want to configure remotely.
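
The settings from Steps 1 to 5 can be checked against a saved running-config. The following Python audit is an added example, not part of the original page: it reports VTY lines that still accept Telnet or lack login local, and missing hostname, domain-name or username prerequisites. The sample configuration is constructed from this page's example values, and the function name audit_ssh_config is an assumption of this example.

```python
import re

# Constructed sample running-config using this page's example values (an assumption).
SAMPLE_CONFIG = """\
hostname R-1
ip domain-name ccna.com
username student password cisco
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password cisco2
 login
 transport input telnet
"""

def audit_ssh_config(config):
    """Return findings for the SSH prerequisites and each 'line vty' stanza."""
    findings, lines = [], config.splitlines()
    # Steps 1-2: key generation requires a hostname and a domain name.
    # Some IOS releases write the latter as 'ip domain name'.
    if not any(re.match(r"hostname\s+\S+", l) for l in lines):
        findings.append("global: no hostname set")
    if not any(re.match(r"ip domain[- ]name\s+\S+", l) for l in lines):
        findings.append("global: no ip domain-name set")
    # Step 5: 'login local' authenticates against local username entries.
    has_user = any(re.match(r"username\s+\S+", l) for l in lines)
    # Group the indented sub-commands under each 'line vty' header.
    stanzas, current = {}, None
    for l in lines:
        if l.startswith("line vty"):
            current = l.strip()
            stanzas[current] = []
        elif current and l.startswith(" "):
            stanzas[current].append(l.strip())
        else:
            current = None
    for name, cmds in stanzas.items():
        transport = next((c.split()[2:] for c in cmds
                          if c.startswith("transport input")), None)
        # Step 4: flag any stanza whose transport input is not exactly 'ssh'.
        if transport != ["ssh"]:
            shown = " ".join(transport) if transport else "not set"
            findings.append(f"{name}: transport input is '{shown}', expected 'ssh'")
        if "login local" not in cmds:
            findings.append(f"{name}: 'login local' missing")
        elif not has_user:
            findings.append(f"{name}: 'login local' set but no username defined")
    return findings
```

Calling audit_ssh_config(SAMPLE_CONFIG) returns two findings, both for line vty 5 15, the stanza that was left on Telnet with a line password.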

August 13, 2012

5.2 TELNET


A telnet application allows you to log in and configure your router remotely. If you use Telnet, then you
won't need to sit next to your router, configuring it via the console port. It's a handy tool. However, the
use of telnet involves some security risks. Telnet sends all information unencrypted, in clear text, across
your network. This means that anybody may be able to capture your data with a network analyzer
and obtain your passwords, router configuration, or other sensitive information.
To use TELNET, you need a router connected to a PC. It is important to note that both devices must be
able to communicate with each other; this means that both devices should be on the same network.
Accordingly, assign an IP address to both devices.
EXAMPLE: let us connect a router and a PC such that both devices operate on the network 192.168.10.0
(a Class C network).

The router's interface connecting the PC has IP address 192.168.10.1, and the PC has IP address
192.168.10.2 with subnet mask 255.255.255.0 and default gateway 192.168.10.1 (the IP address of the router).

CONFIGURING TELNET ON YOUR ROUTER


CAUTION:
A device must have two passwords for a remote user to be able to make changes to your configuration:
1. Line vty password
2. Enable or enable secret password
Without the enable or enable secret password, a remote user will only be able to get to user mode, not
to privileged mode. This is extra security.

STEP 1: SET YOUR PRIVILEGED EXEC MODE PASSWORD


We have already discussed how to set the enable or enable secret password, so follow those steps to set a
password for privileged exec mode.
In the example above, let the secret password be set to cisco as shown in the figure below:

STEP 2: SET YOUR VTY LOGIN PASSWORD


The IOS requires that you set a VTY password before you can log in via the VTY line. We have
discussed earlier how to set the VTY login password. Follow those steps to set the VTY password.
In the example above, let the VTY login password be set to cisco2.

STEP 3: USE THE TELNET APPLICATION TO CONNECT TO YOUR ROUTER


You can Telnet to your router from the PC without using the console cable. When you are using the
Telnet application, you need the IP address of the router.
1. Open the command prompt window of your PC.
2. Type in telnet <IP address of router>.
3. You receive a password prompt where you enter your VTY password.
4. Now you have logged into the user exec mode of the router. To enter the privileged exec mode, you
need to specify the secret password.
In the example mentioned in the step above, step 3 works as follows:


TELNET COMMAND ON THE ROUTER


On a router, you don't need to use the command TELNET. You simply specify the IP address of the
router which you want to TELNET to. The router will assume that you want to Telnet to the device.
The figure below shows how the command works on a router:


TELNETTING INTO MULTIPLE DEVICES SIMULTANEOUSLY


If you want to keep your connection to a remote device but still come back to your original router
console, you can follow these steps:
1. Give the telnet command on the router by specifying the IP address of the router.
2. Now specify the VTY password and enter the user exec mode.
3. Press the Ctrl+Shift+6 key combination, release it, and then press X. As you type this
command, you can't see it because it doesn't show on the output screen.
4. You will see that you have automatically entered the privileged exec mode.
EXAMPLE:

CHECKING TELNET CONNECTIONS


To see the connections made from the router to your remote device, use the command sh sessions in
privileged exec mode.

CHECKING THE TELNET USERS



You can list all active consoles and VTY ports in use on your router with the sh users command in
privileged exec mode.

In the figure shown above, vty port 1 is idle and the console was being used. To telnet through port 1 of
vty, you can enter it by typing 1 in privileged exec mode. 1 is the idle vty port number. How I enter
vty port 1 is shown in the figure below.

I will check active users again by using the command sh users in privileged exec mode.

CLOSING TELNET CONNECTION


1. Typing exit in user exec mode terminates telnet connection.
2. Typing logout in user exec mode also terminates telnet connection.
3. Pressing <Ctrl+Shift+6>, releasing it, and then pressing <6> suspends the telnet connection and does
not terminate it.

SUMMARY OF COMMANDS USED TO TELNET


Router> 172.16.20.1
Starts telnetting with the router which has IP address 172.16.20.1

Router> ctrl+shift+6, release, then press 6
Suspends the Telnet session, but does not terminate it

Router# show sessions
Displays connections you opened to other sites

Router# show users
Displays who is connected remotely to you

Router> exit
Terminates the Telnet session

Router> logout
Terminates the Telnet session

Also, opens a connection to telnet with multiple devices simultaneously.
