Secure connection: replace Telnet with SSH

Using Telnet, the TCP/IP protocol used to access a remote computer to control your network device is equivalent to shouting your username and password when you leave a building. Soon, someone will listen and they will take advantage of your lack of security awareness. SSH is an industry standard that replaces Telnet and other remote console management applications. SSH commands are encrypted and are kept confidential in several ways. When using SSH, a digital certificate authenticates the connection between the client (your workstation) and the server (your network device) and encrypts the protected password. SSH1 uses the RSA encryption key, SSH2 uses the digital Signature Algorithm (DSA) key to protect the connection and authentication. Cryptographic algorithms include Blowfish, Data Encryption Standard (DES), and Sanchong DES (3DES). SSH protection and helps prevent spoofing, "man-in-the-middle" attacks, and packet sniffing. The first step in implementing SSH is to verify that your device supports SSH. Please log in to your router or switch and determine if you have loaded a ipsecios mirror that supports SSH. In our example, we will use the Ciscoios command. Run the following command: Router>showflash This command displays the iOS mirror name that has been loaded. You can use the results to compare your vendor's support feature List. After you verify that your device supports SSH, make sure that the device has a host name and a properly configured host domain, as follows: router>configterminal Router (config) #hostnamehostname Router ( Config) #ipdomain-namedomainname at this time, you can enable the SSH server on the router. To enable an SSH server, you first have to use the following command to generate a pair of RSA keys: Router (config) #cryptokeygeneratersa generate a pair of RSA keys on the router to automatically enable SSH. If you delete this pair of RSA keys, the SSH server is automatically disabled. The final step in implementing SSH is to enable authentication, authorization, and Auditing (AAA). When you configure AAA, specify the username and password, the session timeout, and the number of attempts that a connection allows. Use commands like the following: Router (config) #aaanew-model Router (config) #usernamepassword Router (config) #ipsshtime the-out Router (config) #ipsshauthentication-retries To verify that you have configured SSH and that it is running on your router, execute the following command: ROUTER#SHOWIPSSH after verifying the configuration, You can force the users you add to the AAA configuration to use SSH instead of Telnet. You can also use SSH in a virtual terminal (vty) connection to achieve the same goal. Here's an example: Router (config) #linevty04 Router (config-line) #transportinputSSH before you close an existing Telnet session, you need an SSH Terminal client program to test your configuration. I highly recommend putty; it's free, and it's an excellent terminal software. The final idea after you have SSH enabled on your router and switch, make sure you modify all existing access control lists to allow connections to those devices. You can now report to your superiors that you have blocked a huge security breach: All network management sessions are now encrypted and protected. (Responsible editor ZHAOHB musicemail#sohu.com TEL: (010) 68476636-8007) give force (0 votes) to the (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) The original: Secure connection: replace Telnet with SSH Back to network security home