CCNA Notes

200-301 Exam Prep

42. SSH (Secure Shell)

CONSOLE PORT SECURITY

  • By DEFAULT, no password is needed to access the CLI of a CISCO IOS DEVICE via the CONSOLE PORT
  • You can CONFIGURE a PASSWORD on the console line
    • A USER will have to enter a PASSWORD to ACCESS the CLI via the CONSOLE PORT

  • Alternatively, you can configure the CONSOLE LINE to require USERS to LOGIN using one of the configured USERNAMES on the DEVICE


LAYER 2 SWITCH MANAGEMENT IP

  • LAYER 2 SWITCHES do not perform PACKET ROUTING and do not build a ROUTING TABLE. They are NOT IP ROUTING aware
  • However, you CAN assign an IP ADDRESS to an SVI to allow REMOTE CONNECTIONS to the CLI of the SWITCH (using Telnet or SSH)


TELNET

  • TELNET (Teletype Network) is a PROTOCOL used to REMOTELY ACCESS the CLI of a REMOTE HOST
  • TELNET was developed in 1969
  • TELNET has been largely REPLACED by SSH, which is MORE SECURE
  • TELNET sends data in PLAIN TEXT. NO ENCRYPTION(!)
💡 TELNET SERVERS listen for TELNET traffic on TCP PORT 23


VERIFY TELNET CONFIGURATION


SSH

  • SSH (Secure Shell) was developed in 1995 to REPLACE LESS SECURE PROTOCOLS, like TELNET
  • SSHv2, a major revision of SSHv1, was released in 2006
  • If a DEVICE supports both v1 and v2, it is said to run ‘version 1.99’
  • SSH provides SECURITY features, such as DATA ENCRYPTION and AUTHENTICATION

CHECK SSH SUPPORT

RSA KEYS

  • To ENABLE and use SSH, you must first generate an RSA PUBLIC and PRIVATE KEY PAIR
  • The KEYS are used for DATA ENCRYPTION / DECRYPTION, AUTHENTICATION, etc.

VTY LINES


SUMMARY ABOUT SSH CONFIGURATIONS
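
The steps covered in these notes (console login, management SVI, RSA keys, SSH-only VTY lines) combined into one Cisco IOS configuration, as an added example that is not part of the original notes. The hostname, domain name, username, VLAN, IP addresses and secrets are assumed placeholders.

```cisco
! Constructed example: every name, address and secret below is a placeholder.
!
! Check SSH support first (privileged EXEC):
!   show version     <- an IOS image name containing "K9" supports SSH
!   show ip ssh      <- shows whether SSH is enabled and which version
!
! The RSA key pair is named after the FQDN, so set hostname and domain first
hostname SW1
ip domain-name example.com
!
! Local account used by "login local" on the console and VTY lines
username admin secret <placeholder-secret>
enable secret <placeholder-enable-secret>
!
! Console line: require one of the configured usernames instead of open access
! (the weaker alternative is a shared line password: "password ..." + "login")
line con 0
 login local
!
! Management SVI so the Layer 2 switch can be reached over IP
interface vlan 1
 ip address 192.168.1.253 255.255.255.0
 no shutdown
!
! A Layer 2 switch has no routing table; it needs a default gateway
! to answer management hosts on other subnets
ip default-gateway 192.168.1.254
!
! Generate the RSA public/private key pair, then allow SSHv2 only
! (without "ip ssh version 2" a device supporting v1 and v2 reports 1.99)
crypto key generate rsa modulus 2048
ip ssh version 2
!
! VTY lines: accept SSH only, so plain-text Telnet (TCP 23) is refused
! Weak setting for comparison: "transport input telnet" or "transport input all"
line vty 0 15
 login local
 transport input ssh
!
! Verify afterwards:
!   show ip ssh
!   show ssh
!   show running-config | section line
```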
