小乔 posted on 2022-12-1 16:03:17

CCNA LAB 58: Configuring SSH Access/Disable Telnet Access

This post was last edited by 小乔 on 2022-12-1 16:08


Lab Objective:
The objective of this lab exercise is for you to learn and understand how to configure a router or switch for SSH access. Your router or switch IOS must support encryption in order for the commands to work. You should see a k9 in the image name as well as a security statement from Cisco saying “This product contains cryptographic features…”.

Lab Purpose:
Protecting your Cisco devices by disabling Telnet and enabling SSH-only access is a core security step, as well as a CCNA exam requirement.

Certification Level:
This lab is suitable for CCENT certification exam preparation.

Lab Difficulty:
This lab has a difficulty rating of 7/10.

Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 5 minutes.

Lab Topology:
Please use any single router or switch to complete this lab so long as it has the correct IOS image.



Task 1:
Attach a PC to a router using a switch or crossover cable and add the IP settings above to the devices. Configure any desired hostname on your device.

Task 2:
Configure a username and password on your router. Disable Telnet access on the VTY lines and enable SSH access.

Task 3:
Configure the router to use SSH with the settings below:

Domain name: howtonetwork.com
1024 modulus
SSH timeout: 60 seconds
Authentication retries: 2
SSH version 2

Task 4:
Disable HTTP (Hypertext Transfer Protocol) access to the router. Issue the appropriate show commands to check your SSH settings.

Task 5:
Connect to the router using a PC with SSH.

Configuration and Verification
Task 1:
For reference information on configuring hostnames and IP addresses, please refer to earlier labs.

For the PC (if you are using Packet Tracer):




Task 2:
R1(config)#username howtonetwork password cisco
R1(config)#line vty 0 15
R1(config-line)#transport input ?
  all     All protocols
  none    No protocols
  ssh     TCP/IP SSH protocol
  telnet  TCP/IP Telnet protocol
R1(config-line)#transport input ssh

This command will also disable Telnet.

Task 3:
R1(config)#ip domain-name howtonetwork.com
R1(config)#crypto key generate rsa
The name for the keys will be: R1.howtonetwork.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus : 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...

R1(config)#ip ssh time-out ?
  <1-120>  SSH time-out interval (secs)
R1(config)#ip ssh time-out 60
R1(config)#ip ssh authentication-retries 2
R1(config)#ip ssh version 2

Task 4:
R1(config)#no ip http server

R1#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 2
R1#
R1#show crypto key ?
  mypubkey  Show public keys associated with this router
R1#show crypto key my
R1#show crypto key mypubkey rsa
% Key pair was generated at: 0:2:58 UTC Mar 1 1993
Key name: R1.howtonetwork.com
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:
6af471367dfa1d2d53435e72197f4ed8229d63425c5b3b19601bbae018491391
7d676c5e3f4e6cb432e2f90331b5394340cb31ea5d2552b30016060077791266
51180b5a4f7595025df3ea6c4ffda4fc4b5351bb11f16ac42374aeb644f60c4e
% Key pair was generated at: 0:2:58 UTC Mar 1 1993
Key name: R1.howtonetwork.com.server
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
6b8a0260167f96e7117d29b758907508704e7231637db8c125a136f05b42e367 6177d5ee
78e4956274c2323f04153930553fd07b54dded201c5e4cc152a73cda 142c59d44f4145c4
045c761d54f78bbe2c66987704727c1e4c709e247d7ea3d2

Task 5:
PC>ssh -l howtonetwork 10.1.1.1
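
A check for the settings this lab configures, as an added example that is not part of the original post: the Python below audits running-config text for the global lines from Tasks 3 and 4 and confirms that every `line vty` section allows SSH only. The sample configs and the function names `audit` and `vty_blocks` are constructed for illustration.

```python
# Constructed sample configs; audit() and vty_blocks() are names made up for this example.
HARDENED = """\
ip domain-name howtonetwork.com
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
no ip http server
line vty 0 15
 transport input ssh
"""
WEAK = """\
ip ssh version 2
ip http server
line vty 0 4
 transport input ssh
line vty 5 15
 transport input all
"""

REQUIRED = [  # global lines that the lab's Tasks 3 and 4 produce
    "ip domain-name howtonetwork.com",
    "ip ssh time-out 60",
    "ip ssh authentication-retries 2",
    "ip ssh version 2",
    "no ip http server",
]

def vty_blocks(config):
    """Yield (header, [sub-commands]) for each 'line vty' section."""
    header, body = None, []
    for line in config.splitlines():
        if not line.startswith(" "):  # a non-indented line ends the section
            if header:
                yield header, body
            header, body = (line, []) if line.startswith("line vty") else (None, [])
        elif header:
            body.append(line.strip())
    if header:
        yield header, body

def audit(config):
    """Return a list of findings; empty means all of the lab's settings are present."""
    lines = {l.strip() for l in config.splitlines()}
    findings = [f"missing: {r}" for r in REQUIRED if r not in lines]
    for header, body in vty_blocks(config):
        transports = [b for b in body if b.startswith("transport input")]
        if transports != ["transport input ssh"]:
            findings.append(f"{header}: expected only 'transport input ssh', found {transports}")
    return findings
```

The WEAK sample shows why the lab applies `transport input ssh` to `line vty 0 15`: hardening only lines 0 to 4 leaves Telnet reachable on the remaining VTY lines.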


welinker448 posted on 2025-3-13 01:23:32
