5 Secure Shell

This chapter covers

  • Securing access to a device’s console port
  • Creating local user accounts
  • Using Telnet to remotely access a device’s CLI
  • Using Secure Shell to remotely and securely access a device’s CLI

When we first covered the Cisco IOS CLI in volume 1, we looked at how to connect to a device’s CLI via the console port. To connect to a device’s console port, you must be physically near the device—console cables are typically only a few feet in length. But what if you need to access the CLI of a device in another city or another country? Perhaps you need to troubleshoot a connection between routers that are halfway across the globe from each other. Whatever the situation, you need a better way to access the CLI of your devices.

Secure Shell (SSH), the main topic of this chapter, allows you to securely connect to devices over an IP network such as the internet. SSH is an essential protocol for managing networks, allowing you to remotely configure and verify the devices in your network, and is an important topic on the CCNA exam. In this chapter, we will cover SSH and some related topics. Specifically, we will cover the following CCNA exam topics:

  • 4.8: Configure network devices for remote access using SSH
  • 5.3: Configure and verify device access control using local passwords

5.1 Console port security

5.1.1 Line password authentication

5.1.2 User account authentication

5.2 Remote management

5.2.1 Management IP addresses

5.2.2 Configuring Telnet

5.3 Secure Shell

5.3.1 Generating RSA keys

5.3.2 Configuring SSH

Summary