Telnet is a popular but insecure method of accessing IOS devices.
Telnet sessions are sent in plain text, which makes it easy to sniff and capture confidential session information.
SSH provides encryption and strong authentication as an alternative. It is available in two versions:
SSH Version 1
An improvement over Telnet in how it handles information between two devices, but its implementation has some flaws.
SSH Version 2
The stronger version of SSH that is not compatible with SSHv1. SSHv2 has many benefits and is certified under the National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) 140-1 and 140-2.
Configuring SSH
Configure a hostname on the device with the global configuration command hostname <hostname>
Configure a domain name using the global configuration command ip domain-name <domain-name>
Generate cryptographic keys using the command crypto key generate rsa
The command will respond asking for a key modulus length. The longer the length the stronger the security, but the longer it will take to generate.
The modulus length needs to be at least 768 bits for SSHv2
Finally, force the router to use only Version 2 SSH with the global command ip ssh version 2
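The steps above can be checked after the fact against a saved running-config. The following is an added example, not part of the original post: the sample configuration is constructed, audit_ssh is a hypothetical helper name, and the check on vty "transport input" lines goes beyond the listed steps to confirm that Telnet is no longer accepted.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname R1
!
ip domain-name example.com
ip ssh version 1
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def audit_ssh(config: str) -> list[str]:
    """Return findings for the SSH configuration steps described above."""
    findings = []
    lines = config.splitlines()
    if not any(re.match(r"hostname\s+\S+", l) for l in lines):
        findings.append("no hostname configured")
    # Newer IOS releases display this command as 'ip domain name'.
    if not any(re.match(r"ip domain[- ]name\s+\S+", l) for l in lines):
        findings.append("no ip domain-name configured")
    if not any(re.match(r"ip ssh version 2\s*$", l) for l in lines):
        findings.append("SSH not restricted to version 2")
    # Walk each 'line vty' block and record its 'transport input' setting.
    block, transport = None, {}
    for l in lines:
        if l.startswith("line vty"):
            block = l.strip()
            transport[block] = None
        elif block and l.startswith(" "):
            m = re.match(r"\s+transport input\s+(.+)", l)
            if m:
                transport[block] = m.group(1).split()
        else:
            block = None  # left the vty block
    for name, protos in transport.items():
        if protos is None:
            findings.append(f"{name}: no explicit transport input")
        elif "telnet" in protos or "all" in protos:
            findings.append(f"{name}: Telnet still permitted")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```

The RSA modulus length does not appear in the running-config, so this check cannot confirm the key size chosen at the prompt.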