Secure connection: replace Telnet with SSH

Source: Internet
Author: User
Keywords Ssh telnet
Tags access applications authenticate client computer configuration console control
Using Telnet, the TCP/IP protocol used to access a remote computer to control your network device is equivalent to shouting your username and password when you leave a building. Soon, someone will listen and they will take advantage of your lack of security awareness. SSH is an industry standard that replaces Telnet and other remote console management applications. SSH commands are encrypted and are kept confidential in several ways. When using SSH, a digital certificate authenticates the connection between the client (your workstation) and the server (your network device) and encrypts the protected password. SSH1 uses the RSA encryption key, SSH2 uses the digital Signature Algorithm (DSA) key to protect the connection and authentication. Cryptographic algorithms include Blowfish, Data Encryption Standard (DES), and Sanchong DES (3DES). SSH protection and helps prevent spoofing, "man-in-the-middle" attacks, and packet sniffing. The first step in implementing SSH is to verify that your device supports SSH. Please log in to your router or switch and determine if you have loaded a ipsecios mirror that supports SSH. In our example, we will use the Ciscoios command. Run the following command: Router>showflash This command displays the iOS mirror name that has been loaded. You can use the results to compare your vendor's support feature List. After you verify that your device supports SSH, make sure that the device has a host name and a properly configured host domain, as follows: router>configterminal Router (config) #hostnamehostname Router ( Config) #ipdomain-namedomainname at this time, you can enable the SSH server on the router. To enable an SSH server, you first have to use the following command to generate a pair of RSA keys: Router (config) #cryptokeygeneratersa generate a pair of RSA keys on the router to automatically enable SSH. If you delete this pair of RSA keys, the SSH server is automatically disabled. The final step in implementing SSH is to enable authentication, authorization, and Auditing (AAA). When you configure AAA, specify the username and password, the session timeout, and the number of attempts that a connection allows. Use commands like the following: Router (config) #aaanew-model Router (config) #usernamepassword Router (config) #ipsshtime the-out Router (config) #ipsshauthentication-retries To verify that you have configured SSH and that it is running on your router, execute the following command: ROUTER#SHOWIPSSH after verifying the configuration, You can force the users you add to the AAA configuration to use SSH instead of Telnet. You can also use SSH in a virtual terminal (vty) connection to achieve the same goal. Here's an example: Router (config) #linevty04 Router (config-line) #transportinputSSH before you close an existing Telnet session, you need an SSH Terminal client program to test your configuration. I highly recommend putty; it's free, and it's an excellent terminal software. The final idea after you have SSH enabled on your router and switch, make sure you modify all existing access control lists to allow connections to those devices. You can now report to your superiors that you have blocked a huge security breach: All network management sessions are now encrypted and protected. (Responsible editor ZHAOHB musicemail#sohu.com TEL: (010) 68476636-8007) give force (0 votes) to the (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) The original: Secure connection: replace Telnet with SSH Back to network security home
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.