Discovering computer networks: hands on in the Open Networking Lab

15.3 Secure shell access

Secure Shell (SSH) is a protocol, similar to Telnet, for remote access to computers and other devices. Unlike Telnet, SSH is secure because all traffic is encrypted, and it is essential to use it for remote access over the internet. SSH uses the same type of encryption as secure websites.

Watch the video below, which is about 3 minutes long. You will see how to generate SSH keys and how to configure the router to accept connections only from particular users.

Video: Secure shell access (82_secure_shell_access.mp4)

Activity 5 Try it out

10 minutes

  1. Open PT Anywhere in a new tab or window so you can read these instructions. (Tip: hold Ctrl and click a link to open it in a new tab.)

    In this activity you will configure the router in the network to only accept SSH connections from the PC.

  2. Open the router console and enter global configuration mode using the password ‘opennetlab’.

  3. Set the hostname and domain name as ‘ONLRouter1’ and ‘example.com’.

    Generate the SSH keys with a size of 2048.

  4. Create a username, either ‘jason’ or your own name, with a secret password such as ‘onlssh’.

  5. Make sure that SSH is used rather than Telnet for connections.

  6. Now open the PC command line and start an SSH session to the router, giving the appropriate password.

  7. Confirm that you are connected to the router.

  8. Finish the SSH session by entering exit.

  9. Confirm that you can no longer connect to the router using Telnet.

Answer

Some configuration is required before SSH can be used. A set of keys must be generated on the router, and this will use information such as the router name and a domain name to generate unique keys.

Open the router console window and enter global configuration mode. Set the hostname with the command hostname ONLRouter1 and the domain name with the command ip domain-name example.com. (You would replace these with appropriate names in a real installation.)

Use the command crypto key generate rsa, giving an appropriate key size such as 2048, to create the keys.

To create a user account with a secret password, enter a command such as username jason secret onlssh.

To ensure that only SSH is accepted for connection, the vty lines must be configured with a sequence of commands. First, use line vty 0 15 to enter line configuration mode. Then login local will require a username to be given, and transport input ssh will mean that only SSH connections are accepted.

This completes the setup for the router. To test the connection, you will need to turn to the command line on the PC.

To open an SSH session, you should enter the command ssh -l jason 192.168.0.1, giving the password ‘onlvty’ which you previously set on the router. You will see the message of the day and the prompt will change to ‘Router>’ showing that you are now giving commands to the router.

You can now work with the router’s command line, for example by entering global configuration mode (you will need the password ‘opennetlab’) and showing the running configuration.

You should exit from the SSH session using exit and confirm that you are back on the PC command line.
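The following is an added example, not part of the course material: a short Python check that reads a saved running configuration and reports anything that departs from the setup in this activity. It goes slightly beyond the activity by handling a configuration in which the vty lines are split into several ranges, so a range left open to Telnet is reported. The function name audit_ssh_config and the sample configuration are constructed for illustration, and the check also accepts the spelling ip domain name used by newer IOS releases.

```python
import re

# Constructed sample running-config (not from the course): vty lines 0-4 are
# set up as in the activity, but lines 5-15 still accept Telnet.
SAMPLE = """\
hostname ONLRouter1
ip domain-name example.com
username jason secret 5 CONSTRUCTED-HASH-PLACEHOLDER
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
!
"""

def audit_ssh_config(config):
    """Return a list of findings; an empty list means every check passed."""
    lines, findings = config.splitlines(), []
    if not any(re.match(r"hostname \S+", l) for l in lines):
        findings.append("hostname not set")
    if not any(re.match(r"ip domain[- ]name \S+", l) for l in lines):
        findings.append("domain name not set")
    users = [l.split() for l in lines if re.match(r"username \S+", l)]
    if not users:
        findings.append("no local username for 'login local'")
    findings += [f"user {u[1]}: no 'secret' keyword" for u in users if "secret" not in u[2:]]
    # Group the indented sub-commands under each 'line vty' header.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line vty "):
            current = blocks.setdefault(l.strip(), [])
        elif not l.startswith(" "):
            current = None          # any other top-level line ends the block
        elif current is not None:
            current.append(l.strip())
    if not blocks:
        findings.append("no vty lines found")
    for header, cmds in blocks.items():
        if "login local" not in cmds:
            findings.append(f"{header}: 'login local' missing")
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: not restricted to 'transport input ssh'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh_config(SAMPLE)) or "all checks passed")
```

Configuring line vty 0 15 in a single step, as the activity does, avoids the split shown in the sample.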