
LAB # 8: Telnet & SSH SSUET/QR/114

LAB # 8

REMOTE ACCESSING OF SWITCH USING TELNET & SECURE SHELL (SSH)

OBJECTIVE
To configure Telnet for remote access of switch

THEORY
Telnet is a TCP/IP protocol, triggered by a user command, that allows you to access a remote
computer. While obtaining files from a remote computer via FTP is common, Telnet actually
goes one step further and allows you to log on as a regular user of the computer, with access to
all data and programs that may be installed on that computer. Telnet is usually used for technical
support purposes.
Telnet uses software, installed on your computer, to create a connection with the remote host.
The Telnet client (software), at your command, will send a request to the Telnet server (remote
host). The server will reply asking for a user name and password. If accepted, the Telnet client
will establish a connection to the host, thus making your computer a virtual terminal and
allowing you complete access to the host's computer.
Telnet requires the use of a user name and password, which means you need to have previously
set up an account on the remote computer. In some cases, however, computers with Telnet will
allow guests to log on with restricted access.
Type these commands to configure Telnet access.

The line vty 0 15 command selects the whole VTY line range, 0-15.
Switch(config)#line vty 0 15
Switch(config-line)#password cisco
Switch(config-line)#login
Switch(config-line)#enable secret $suet

Apply these commands after the ones above.

Switch(config)#interface vlan 1
Switch(config-if)#ip address 10.0.0.1 255.0.0.0
Switch(config-if)#no shutdown
Switch(config-if)#exit

To Telnet to the Cisco device, go to the command prompt of the computer and type

C:\>telnet 10.0.0.1
CE-312: Data Communication 63

Connecting To 10.0.0.1
User Access Verification
Password:
Switch>
SECURE SHELL (SSH)
To configure Secure Shell for remote access of switch

THEORY
Secure Shell (SSH) is a set of programs which employ public/private key technology for authenticating and
encrypting sessions between user accounts on distributed hosts on the Internet.

SSH works by the exchange and verification of information, using public and private keys, to identify
hosts and users. It then provides encryption of subsequent communication, also by the use of
public/private key cryptography.

As a system administrator, you generate a public and private key pair for the system itself. Because this
key information is held within the system itself, the possibility of someone spoofing the system's identity
by faking IP addresses or tampering with DNS records that associate IP addresses and domain names is
removed. An attacker would have to break into the system and steal its private key in order to successfully
pretend to be that system. This is a big improvement in security.

Create a local user name

Switch(config)#username ssuet password ccn


Assign a domain name

Switch(config)#ip domain-name ssuet.com


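SSH uses encryption keys to encrypt the data exchanged in an SSH session. The switch must have a
non-default hostname before the key can be generated; the prompts from here on show it set to ccn.

Switch(config)#hostname ccn

The following command takes a few minutes to generate the key.

ccn(config)#crypto key generate rsa
How many bits in the modulus [512]: 768
ccn(config)#enable password cisco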

Configure vty ports for using SSH

ccn(config)#line vty 0 15
ccn(config-line)#login local
ccn(config-line)#transport input ssh

OR
ccn(config)# line vty 0 15
ccn(config-line)# login local
ccn(config-line)# transport input ssh telnet
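
Added example (not part of the original lab handout): a small Python audit of a saved switch configuration covering the two VTY variants above. It flags VTY lines that still accept Telnet, which carries the session unencrypted, along with the password-style settings used in this lab; the sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample: the lab's settings as they could appear in a saved config,
# with VTY 0-4 on the SSH-only variant and VTY 5-15 on the "ssh telnet" variant.
SAMPLE_CONFIG = """\
hostname ccn
enable password cisco
username ssuet password 0 ccn
ip domain-name ssuet.com
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password cisco
 login
 transport input ssh telnet
"""

def vty_blocks(config):
    """Map each 'line vty A B' header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):          # any top-level command ends the block
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                blocks[current] = []
        elif current:
            blocks[current].append(raw.strip())
    return blocks

def audit(config):
    """Return (scope, finding) pairs for remote-access weaknesses in the config."""
    findings = []
    for header, cmds in vty_blocks(config).items():
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transport:
            findings.append((header, "no explicit 'transport input'; platform default applies"))
        elif {"telnet", "all"} & set(transport[-1]):
            findings.append((header, "accepts Telnet (unencrypted session)"))
        if "login" in cmds:
            findings.append((header, "'login' uses the shared line password, not 'login local'"))
    if re.search(r"^enable password ", config, re.M):
        findings.append(("global", "'enable password' set; prefer 'enable secret'"))
    for user in re.findall(r"^username (\S+) password ", config, re.M):
        findings.append(("global", f"user '{user}' uses 'password'; prefer 'secret'"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```
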

Apply these commands

ccn(config)# interface vlan 1
ccn(config-if)# ip address 10.0.0.1 255.0.0.0
ccn(config-if)# no shutdown
ccn(config-if)# exit

To create an SSH session with the Cisco device, go to the command prompt and type

C:\>ssh -l ssuet 10.0.0.1
Open

Enter the password configured in step 1

Password:
ccn>

Verification of SSH

ccn# show crypto key mypubkey rsa


ccn(config)#do show line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
   129 AUX   9600/9600  -    -      -    -    -      0       0     0/0       -
*  130 VTY              -    -      -    -    -     67       0     0/0       -
   131 VTY              -    -      -    -    -      0       0     0/0       -
   132 VTY              -    -      -    -    -      0       0     0/0       -
   133 VTY              -    -      -    -    -      0       0     0/0       -
   134 VTY              -    -      -    -    -      0       0     0/0       -
   135 VTY              -    -      -    -    -      0       0     0/0       -
   136 VTY              -    -      -    -    -      0       0     0/0       -
   137 VTY              -    -      -    -    -      0       0     0/0       -
   138 VTY              -    -      -    -    -      0       0     0/0       -
   139 VTY              -    -      -    -    -      0       0     0/0       -
   140 VTY              -    -      -    -    -      0       0     0/0       -
   141 VTY              -    -      -    -    -      0       0     0/0       -
   142 VTY              -    -      -    -    -      0       0     0/0       -
   143 VTY              -    -      -    -    -      0       0     0/0       -
   144 VTY              -    -      -    -    -      0       0     0/0       -
   145 VTY              -    -      -    -    -      0       0     0/0       -
‘*’ shows the active Telnet session.

ccn# show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:00:00
*  67 vty 0    ssuet      idle                 00:00:45

To close a Telnet or SSH connection

ccn#clear line vty 0


EXERCISE QUESTIONS
1. You need to set up a password that will prevent unauthorized users from accessing your
switch remotely using Telnet. What series of commands would you use?
2. Write the difference between Telnet and SSH.
3. Name the encryption techniques used for key encryption.
4. What are the port numbers for Telnet and SSH?
5. Why do we use the ‘login’ command after setting a password on VTY lines?
