SSH Configuration

The document describes configuring SSH access on routers R-1 and R-2. It configures interfaces, IP addresses, routing, and SSH settings like generating keys, setting passwords, and enabling SSH transport. This allows a laptop to SSH into R-1 and ping interfaces on both routers, confirming basic connectivity over the SSH connection.

Uploaded by

R.k.Thapa
Basic SSH Configuration

Prepared By: R. K. Thapa [CCNA Academy Certified, CCNP, MCT, MCSA : 2008 Server Administrator, MCTS, MCITP, MCSE: 2003 Server]
Contact : [email protected],


Task:
Laptop 0 must be able to access R-1 and R-2 using the SSH protocol. Static default routing is used.
Router>
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#hostname R-1
R-1(config)#interface gi0/0
R-1(config-if)#ip address 192.168.1.1 255.255.255.0
R-1(config-if)#no shutdown
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
R-1(config-if)#exit
R-1(config)#interface loopback 0
%LINK-5-CHANGED: Interface Loopback0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R-1(config-if)#ip address 1.1.1.1 255.255.255.255
R-1(config-if)#no shutdown
R-1(config-if)#exit
R-1(config)#interface serial 0/0/0
R-1(config-if)#clock rate 64000
R-1(config-if)#ip address 12.1.1.1 255.255.255.252
R-1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R-1(config-if)#exit
R-1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
R-1(config)#exit
R-1#write
Building configuration...
[OK]
R-1#

Configure SSH

R-1#conf t
R-1(config)#security passwords min-length 8
R-1(config)#login block-for ?
<1-65535> Time period in seconds
R-1(config)#login block-for 120 ?
attempts Set max number of fail attempts
R-1(config)#login block-for 120 attempts ?
<1-65535> Fail attempts max value
R-1(config)#login block-for 120 attempts 3 ?
within Watch period for fail attempts
R-1(config)#login block-for 120 attempts 3 within ?
<1-65535> Time period in seconds
R-1(config)#login block-for 120 attempts 3 within 60 ?
R-1(config)#login block-for 120 attempts 3 within 60

R-1(config)#line vty 0 4
R-1(config-line)#exec-timeout 10
R-1(config-line)#exit
R-1(config)#ip domain-name cisco.com
R-1(config)#crypto key generate rsa
The name for the keys will be: R-1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

R-1(config)#username kcc secret ccna
% Password too short - must be at least 8 characters. Password not configured.

R-1(config)#username kcc secret ccna1234
R-1(config)#enable password class1234

R-1(config)#line vty 0 4
R-1(config-line)#login local
R-1(config-line)#transport input ssh
R-1(config-line)#exit
R-1(config)#exit
R-1#write

Confirm

PC>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2E0:A3FF:FE3C:724C
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1

PC>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=0ms TTL=255
Reply from 192.168.1.1: bytes=32 time=0ms TTL=255
Reply from 192.168.1.1: bytes=32 time=0ms TTL=255
Reply from 192.168.1.1: bytes=32 time=0ms TTL=255
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
PC>ping 1.1.1.1
Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255
Reply from 1.1.1.1: bytes=32 time=0ms TTL=255
Reply from 1.1.1.1: bytes=32 time=0ms TTL=255
Reply from 1.1.1.1: bytes=32 time=0ms TTL=255
Ping statistics for 1.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
PC>ssh -l kcc 1.1.1.1
Open
Password: ccna1234

R-1>enable
Password: class1234
R-1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.1.1 YES manual up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/0/0 12.1.1.1 YES manual down down
Serial0/0/1 unassigned YES NVRAM administratively down down
Loopback0 1.1.1.1 YES manual up up
Vlan1 unassigned YES NVRAM administratively down down
R-1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1/32 is directly connected, Loopback0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0
R-1#


R-2 Configuration
Router>
Router>enable
Router#configure terminal
Router(config)#hostname R-2
R-2(config)#interface serial 0/0/0
R-2(config-if)#ip address 12.1.1.2 255.255.255.252
R-2(config-if)#no shutdown
R-2(config)#interface loopback 0
R-2(config-if)#ip address 2.2.2.2 255.255.255.255
R-2(config-if)#no shutdown
R-2(config-if)#exit
R-2(config)#ip route 0.0.0.0 0.0.0.0 12.1.1.1

R-2(config)#security passwords min-length 6
R-2(config)#login block-for 120 attempts 3 within 60

R-2(config)#line vty 0 4
R-2(config-line)#exec-timeout 10
R-2(config-line)#exit
R-2(config)#ip domain-name isp.com
R-2(config)#crypto key generate rsa
% You already have RSA keys defined named R-2.cisco.com .
% Do you really want to replace them? [yes/no]: y
The name for the keys will be: R-2.isp.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

R-2(config)#username isp password ccna1234
R-2(config)#enable password class1234

R-2(config)#line vty 0 4
R-2(config-line)#login local
R-2(config-line)#transport input ssh
R-2(config-line)#exit
R-2(config)#exit
R-2#
R-2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/13 ms

R-2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/7/32 ms

R-2#ping
Protocol [ip]:
Target IP address: 192.168.1.2
Repeat count [5]: 20
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 2.2.2.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 20, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20), round-trip min/avg/max = 1/3/29 ms

R-2#


Confirm

PC>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2E0:A3FF:FE3C:724C
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1

PC>ping 12.1.1.2

Pinging 12.1.1.2 with 32 bytes of data:

Reply from 12.1.1.2: bytes=32 time=2ms TTL=254
Reply from 12.1.1.2: bytes=32 time=1ms TTL=254
Reply from 12.1.1.2: bytes=32 time=16ms TTL=254
Reply from 12.1.1.2: bytes=32 time=1ms TTL=254

Ping statistics for 12.1.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 16ms, Average = 5ms

PC>ping 2.2.2.2

Pinging 2.2.2.2 with 32 bytes of data:

Reply from 2.2.2.2: bytes=32 time=2ms TTL=254
Reply from 2.2.2.2: bytes=32 time=1ms TTL=254
Reply from 2.2.2.2: bytes=32 time=1ms TTL=254
Reply from 2.2.2.2: bytes=32 time=1ms TTL=254

Ping statistics for 2.2.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms

PC>ssh -l isp 2.2.2.2
Open
Password: ccna1234


R-2>enable
Password: class1234
R-2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 12.1.1.1 to network 0.0.0.0

2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2/32 is directly connected, Loopback0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.1.1.0/30 is directly connected, Serial0/0/0
L 12.1.1.2/32 is directly connected, Serial0/0/0
S* 0.0.0.0/0 [1/0] via 12.1.1.1

R-2#show protocols
Global values:
Internet Protocol routing is enabled
GigabitEthernet0/0 is administratively down, line protocol is down
GigabitEthernet0/1 is administratively down, line protocol is down
Serial0/0/0 is up, line protocol is up
Internet address is 12.1.1.2/30
Serial0/0/1 is administratively down, line protocol is down
Loopback0 is up, line protocol is up
Internet address is 2.2.2.2/32
Vlan1 is administratively down, line protocol is down
R-2# exit
PC>
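
An added example, not part of the original document: a small Python check that reads the commands from a session like the R-2 one above and flags the settings a reviewer would question (username and enable passwords set with password instead of secret, a 1024-bit RSA key, no ip ssh version 2, a minimum password length below the 8 used on R-1). The function name, finding codes and thresholds are assumptions chosen for illustration, and the sample input is constructed from the page's R-2 commands.

```python
import re

# Constructed sample: the commands the page enters on R-2, copied from its session.
R2_SESSION = """\
R-2(config)#security passwords min-length 6
R-2(config)#login block-for 120 attempts 3 within 60
R-2(config)#line vty 0 4
R-2(config-line)#exec-timeout 10
R-2(config)#ip domain-name isp.com
R-2(config)#crypto key generate rsa
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
R-2(config)#username isp password ccna1234
R-2(config)#enable password class1234
R-2(config)#line vty 0 4
R-2(config-line)#login local
R-2(config-line)#transport input ssh
"""

# Matches any configuration-mode prompt and captures the command typed after it.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*(.+)$")

def audit(session, min_len=8, min_rsa_bits=2048):
    """Return a sorted list of finding codes for one IOS config session."""
    # Finding codes and thresholds are illustrative assumptions, not IOS output.
    cmds = [m.group(1).strip() for line in session.splitlines()
            if (m := PROMPT.match(line))]
    findings = set()
    for cmd in cmds:
        if re.match(r"username \S+ password ", cmd):
            findings.add("USER_PASSWORD_NOT_SECRET")   # stored cleartext or reversible
        if cmd.startswith("enable password "):
            findings.add("ENABLE_PASSWORD_NOT_SECRET")
        m = re.match(r"security passwords min-length (\d+)$", cmd)
        if m and int(m.group(1)) < min_len:
            findings.add("MIN_LENGTH_BELOW_POLICY")
    # Key size appears only in the generator's output line, not in a command.
    for bits in re.findall(r"Generating (\d+) bit RSA keys", session):
        if int(bits) < min_rsa_bits:
            findings.add("RSA_MODULUS_TOO_SMALL")
    if "ip ssh version 2" not in cmds:
        findings.add("SSH_VERSION_NOT_PINNED")          # SSHv1 may still be accepted
    if "transport input ssh" not in cmds:
        findings.add("VTY_NOT_SSH_ONLY")
    return sorted(findings)

if __name__ == "__main__":
    for code in audit(R2_SESSION):
        print(code)
```

The same check on R-1's commands would drop the username and minimum-length findings, since R-1 uses username kcc secret and a minimum length of 8.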
