Configuring SSH on a Cisco router or switch enables a secure management protocol. Telnet sends everything in clear text, which makes it vulnerable to anyone sniffing network traffic.
The solution is to use SSH, a cryptographic protocol. It is a secure shell that provides confidentiality for the data transmitted between your workstation and a router or switch. Here is our basic topology:
Let's say we're logged into the switch and would like to enable SSH so we are able to manage the switch from our desktop.
Once you are in global configuration mode we jump right in with the following configuration:
conf t
!! Configure a username with privilege 14 and a secret password of cisco
username admin priv 14 secret cisco
!! Before configuring SSH we need to define the domain
ip domain-name mobileinfoworld.com.com
!
!! Configure the RSA keys with a key length of 1024
crypto key generate rsa general-keys mod 1024
!
!! Enter the vty line configuration to enable SSH as the input protocol, leaving out Telnet
line vty 0 15
 transport input ssh
!
!! The login local command tells the switch to prompt for a username and password
!! and authenticate them against the local database of the switch
 login local
 exit
Now we test
ssh -l admin 10.1.1.100
You will be prompted for the admin password, since the username was specified in the ssh command. Since the admin account is configured with privilege 15, we are automatically placed into global configuration mode, bypassing the enable password.
To compare our traffic with Telnet we will remove SSH:
conf t
!
!! Enter line configuration
line vty 0 15
!
!! To remove SSH, do not specify the protocol
 transport input telnet
 end
In Wireshark I will follow the TCP stream of the packet that appears to be sending username and password traffic:
We can see the username and password in plain text, and also see what commands are being entered.
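To confirm that no vty range is left accepting Telnet, as in the comparison above, a saved configuration can be checked offline. The script below is an added example, not part of the original article; the sample configuration, the function names parse_vty_stanzas and audit_vty, and the finding strings are constructed for illustration.

```python
import re

# Constructed sample config (not from the original article): the first vty range
# follows the SSH-only setup above, the second still accepts Telnet.
SAMPLE_CONFIG = """\
ip domain-name example.com
!
line con 0
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login
"""

VTY_RE = re.compile(r"^line vty (\d+(?: \d+)?)\s*$")

def parse_vty_stanzas(config):
    """Map each 'line vty' range to the list of sub-commands under it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # blank line or comment separator
        if raw[0].isspace():              # indented: belongs to the open section
            if current is not None:
                stanzas[current].append(raw.strip())
        else:                             # top-level command opens a new section
            m = VTY_RE.match(raw)
            current = m.group(1) if m else None
            if m:
                stanzas[current] = []
    return stanzas

def audit_vty(config):
    """Return (vty_range, finding) pairs for stanzas that are not SSH-only."""
    findings = []
    for rng, cmds in parse_vty_stanzas(config).items():
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        if not transport:
            findings.append((rng, "no explicit transport input"))
        elif set(transport[-1]) != {"ssh"}:
            findings.append((rng, "transport input allows: " + " ".join(transport[-1])))
        if "login local" not in cmds:
            findings.append((rng, "login local not set"))
    return findings

if __name__ == "__main__":
    for rng, finding in audit_vty(SAMPLE_CONFIG):
        print(f"line vty {rng}: {finding}")
```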