Discovering computer networks: hands on in the Open Networking Lab
Discovering computer networks: hands on in the Open Networking Lab

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

15.3 Secure shell access

Secure Shell (SSH) is a protocol, similar to Telnet, for remote access to computers and other devices. Unlike Telnet, SSH is secure because all traffic is encrypted, and it is essential to use it for remote access over the internet. SSH uses the same type of encryption as secure websites.

Watch the video below, which is about 3 minutes long. You will see how to generate SSH keys and to configure the router only to accept connections from particular users.

Secure shell access

Download this video clip.Video player: 82_secure_shell_access.mp4
Copy this transcript to the clipboard
Print this transcript
Show transcript|Hide transcript
 
Interactive feature not available in single page view (see it in standard view).

Activity 5 Try it out

10 minutes

  1. Open PT Anywhere [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] in a new tab or window so you can read these instructions.

    In this activity you will configure the router in the network to only accept SSH connections from the PC.

  2. Open the router console and enter global configuration mode using the password ‘opennetlab’.

  3. Set the hostname and domain name as ‘ONLRouter1’ and ‘example.com’.

    Generate the SSH keys with a size of 2048.

  4. Create a username, either ‘jason’ or your own name, with a secret password such as ‘onlssh’.

  5. Make sure that SSH is used rather than Telnet for connections.

  6. Now open the PC command line and start an SSH session to the router, giving the appropriate password.

  7. Confirm that you are connected to the router.

  8. Finish the SSH session by entering exit.

  9. Confirm that you can no longer connect to the router using Telnet.

Answer

Some configuration is required before SSH can be used. A set of keys must be generated on the router, and this will use information such as the router name and a domain name to generate unique keys.

Open the router console window and enter global configuration mode. Set the hostname with the command hostname ONLRouter1 and the domain name with command ip domain-name example.com. (You would replace these by appropriate names in a real installation.)

Use the command crypto key generate rsa, giving an appropriate key size such as 2048, to create the keys.

To create a user account with a secret password, enter a command such as username jason secret onlssh.

To ensure that only SSH is accepted for connection, the vty lines must be configured with a sequence of commands. First, use line vty 0 15 to enter line configuration mode. Then login local will require a username to be given, and transport input ssh will mean that only SSH connections are accepted.

This completes the setup for the router. To test the connection, you will need to turn to the command line on the PC.

To open an SSH session, you should enter the command ssh -l jason 192.168.0.1, giving the password ‘onlvty’ which you previously set on the router. You will see the message of the day and the prompt will change to ‘Router>’ showing that you are now giving commands to the router.

You can now work with the router’s command line, for example entering global configuration mode (you will need the password ‘opennetlab’) and show the running configuration.

You should exit from the SSH session using exit and confirm that you are back on the PC command line.

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371