SSH Version 2 Configuration
The SSH protocol (Secure Shell) is a method for secure remote login from one device to other. SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. As discussed in another blog, SSH has two versions –
SSH VERSION 1
SSH v1 (Secure Shell) provides an encrypted channel to users for logging into remote device. It provides strong host-to-host and user authentication. It also provides secure encrypted communications over the Internet.
SSH Version2
On the contrary, SSH2 is a much more secured, an efficient version of SSH that includes SFTP, which is functionally similar to FTP with addition of SSH2 encryption.
SSH works on port 22. It is a secure alternative to the non-protected login protocols (such as Telnet) and insecure file transfer methods (such as FTP).
Steps to configure SSH:
- Configure the router hostname using command “hostname”.
- Configure the domain name using command “ip domain-name”.
- Generate public and private keys using command “crypto key generate rsa”.
- Create a user in the local database using command “username…secret”.
- Allow only SSH access on VTY lines using command “transport input ssh”.
SSH Version 2 configuration on a Cisco router IOS –
Step 1-
Configure Hostname and DNS Domain
aaa new-model
username Cisco password Cisco
ip domain-name Cisco.local
Generate RSA key to be used.
For SSH Version 2, the modulus size must be at least 768 bits.
Enable SSH transport support for the virtual type terminal (vty)
transport input SSH
COMMANDS TO VERIFY SSH CONFIGURATION:
- show ssh
- how ip ssh
- debug ip ssh