Configure Secure Remote Access On A Cisco Device Using SSH

Published: 26 August 2022
on channel: Tech Tutorials - David McKone

In this video, we show you how to configure SSH on a Cisco IOS device such as a router or switch.

By default, Cisco IOS devices provide Telnet for remote sessions, which is insecure because everything, including the username and password, is exchanged in plain text.

Although SSH is supported, a key pair has to be created and configured on the device before it allows encrypted remote access.

That access should also be restricted, both by limiting which IP addresses can connect and by restricting the encryption algorithms allowed.

Example Cisco Configuration:
enable
configure terminal
!
! Host and domain
!
hostname uklon01wan01
ip domain-name ciscolab.lan
!
! Generate key
!
crypto key generate rsa modulus 4096
!
! Create username
!
username cisco privilege 15 algorithm-type sha256 secret cisco
!
! Configure IP address
!
interface GigabitEthernet0/0
 ip address 172.16.22.50 255.255.255.0
 no shutdown
!
! Enable local authentication
! Only allow SSH access
!
line vty 0 15
 login local
 transport input ssh
!
! Restrict to SSH v2 only
! Tighten SSH algorithms
!
ip ssh version 2
ip ssh server algorithm mac hmac-sha2-256
ip ssh server algorithm encryption aes256-ctr
ip ssh server algorithm kex diffie-hellman-group14-sha1
ip ssh dh min size 4096
!
! Restrict device access by network range
! Timeout idle sessions after 10 minutes
!
ip access-list standard SSH_ACL
 permit 172.16.22.0 0.0.0.255
!
line vty 0 15
 access-class SSH_ACL in
 exec-timeout 10 0
!
! Disconnect session after 3 failed login retries
! Remove half-open or orphaned sessions
!
ip ssh authentication-retries 3
service tcp-keepalives-in
service tcp-keepalives-out
!
! Enable SCP for file transfers
!
ip scp server enable
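
An added example, not part of the video or its description: a small Python check that reads running-config text and reports where the vty and global settings configured above are missing. Running-configs often list the vty lines as more than one block, so each block is checked separately; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample of running-config text; the second vty block is left unhardened.
SAMPLE_CONFIG = """\
ip ssh version 2
service tcp-keepalives-in
ip access-list standard SSH_ACL
 permit 172.16.22.0 0.0.0.255
line vty 0 4
 access-class SSH_ACL in
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

GLOBAL_REQUIRED = ("ip ssh version 2", "service tcp-keepalives-in",
                   "service tcp-keepalives-out")

def parse_vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config):
    """Return findings for settings from the page's config that are absent."""
    lines = {line.strip() for line in config.splitlines()}
    findings = [f"missing global command: {c}" for c in GLOBAL_REQUIRED if c not in lines]
    acls = set(re.findall(r"^ip access-list \w+ (\S+)", config, re.M))
    for header, cmds in parse_vty_blocks(config).items():
        for needed in ("transport input ssh", "login local"):
            if needed not in cmds:
                findings.append(f"{header}: missing '{needed}'")
        acl = next((c.split()[1] for c in cmds if re.fullmatch(r"access-class \S+ in", c)), None)
        if acl is None:
            findings.append(f"{header}: no inbound access-class")
        elif acl not in acls:
            findings.append(f"{header}: access-class {acl} is not defined in this config")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The parser relies on the leading-space indentation of `show running-config` output to tell sub-commands from top-level lines.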

Example Linux Configuration:
nano .ssh/config
Host uklon01wan01
    hostname=172.16.22.50
    KexAlgorithms=diffie-hellman-group14-sha1
    HostKeyAlgorithms=ssh-rsa

Chapters
00:00 Intro
00:35 Assumptions
01:15 Generate Keys
03:04 User Account
05:18 Interface IP Address
06:32 Allow SSH Access
08:08 Restrict Algorithms
10:49 Linux SSH Settings
13:07 Final Settings

Credits
LoveLife | Instrumental Prod. Blue Mango | EQMUSEQ.COM by Don Da Vinci


Video duration: 18 minutes 04 seconds. Added by Tech Tutorials - David McKone on 26 August 2022; viewed 1 thousand times on this site and liked by 22 people.