Answer: Enabling SSH and Disabling Telnet

By certskills September 19, 2015 12:05

This #CCENT lab may have seemed simple at first, but it has just enough steps so that it is easy to miss a step. If you did the lab on paper only, make sure to check your answer here – but of course try the lab first. As usual with these labs, the goal is straightforward requirements, straightforward answers, and a few comments to uncover any gotchas with the lab. Enjoy!

Answers sit below the fold.

Answers

Switch Configuration

 

Commentary

Telnet transmits information in a non-encrypted form and the information can be intercepted while traversing a network. SSH provides a more secure communications method, encrypting all communications using an encryption key. That communication includes the initial login, which must use a username/password pair.

The initial configuration in this lab partially enabled SSH access and fully enabled Telnet access, as the result of both default settings and configured settings. The switch allowed incoming Telnet and SSH because of a default VTY setting of transport input all (meaning all methods, including both Telnet and SSH). The final command in the answer (Example 2) changes that setting to allow only SSH.

However, the initial configuration did not fully configure SSH access. First, the switch needs to generate an encryption key. That key generation process can (and does in this case) use the switch’s domain name as input. So the first two commands in Example 2 basically (1) define the input to the key generation process (ip domain-name example.com) and then (2) generate the key.

Finally, SSH requires the use of a username/password pair rather than a shared password. So, the configuration shows the login local command under the VTY ports, enabling the use of local username/password pairs rather than a password without a username. Additionally, the global command username Barney secret Rubble – which creates a username/password with an admittedly weak but fun password – at least stores an encrypted password, because it uses the username secret command instead of the username password command.
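To check a saved running-config against the points in this commentary, the following added example (not part of the original lab or its Example 2) audits the domain name, the username secret, and each VTY block's login and transport input settings. The two config excerpts are constructed samples and `audit_ssh_only` is a hypothetical helper name; the RSA key is not stored in running-config, so it is not checked.

```python
import re

# Constructed running-config excerpts (not the lab's own examples).
BEFORE = """username Barney password Rubble
line vty 0 4
 password cisco
 login
line vty 5 15
 login"""
AFTER = """ip domain-name example.com
username Barney secret 5 $1$CONSTRUCTED$placeholderhash
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh"""

def audit_ssh_only(config):
    """Hypothetical helper: list deviations from the SSH-only setup; [] means pass."""
    findings, lines = [], config.splitlines()
    # Newer IOS releases display this command as "ip domain name".
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("global: no ip domain-name")
    users = re.findall(r"^username (\S+) (?:privilege \d+ )?(secret|password)\b", config, re.M)
    if not any(kind == "secret" for _, kind in users):
        findings.append("global: no 'username ... secret' for login local")
    findings += [f"global: user {name} uses 'password', not 'secret'"
                 for name, kind in users if kind == "password"]
    blocks, current = {}, None
    for l in lines:
        if not l.startswith(" "):  # a new top-level command ends the block
            current = l.strip() if l.startswith("line vty") else None
            if current:
                blocks[current] = []
        elif current:
            blocks[current].append(l.strip())
    for name, cmds in blocks.items():
        # Per the commentary, a VTY with no transport input line defaults to "all".
        transport = next((c for c in cmds if c.startswith("transport input")),
                         "transport input all")
        if transport != "transport input ssh":
            findings.append(f"{name}: {transport}, expected transport input ssh")
        if "login local" not in cmds:
            findings.append(f"{name}: missing login local")
    return findings

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_ssh_only(cfg) or "OK")
```

Every VTY range is checked separately because a fix applied to only one range leaves Telnet open on the others.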


1 Comment

  1. Yeah Mate March 31, 07:16

    Another very good lab, Wendell!
