Configuring Secure Passwords and SSH

Yaser Rahmati | Instructor Version

Topology

Download Packet Tracer Completed File

Addressing Table

Scenario

The network administrator has asked you to prepare RTA for deployment. Before it can be connected to the network, security measures must be enabled.

Requirements

  • Configure the hostname as RTA.

Router(config)#hostname RTA
RTA(config)#
  • Configure IP addressing on RTA and enable the interface.

RTA(config)#interface fastEthernet 0/0
RTA(config-if)#ip address 10.10.10.1 255.255.255.0
RTA(config-if)#no shutdown
  • Console into RTA from the Terminal on PC-A.

  • Configure IP addressing on PCA according to the Addressing Table.

PC>ipconfig

FastEthernet0 Connection:(default port)

   Link-local IPv6 Address.........: FE80::20A:F3FF:FE8E:D89D
   IP Address......................: 10.10.10.2
   Subnet Mask.....................: 255.255.255.0
   Default Gateway.................: 10.10.10.1
  • Encrypt all plaintext passwords.

RTA(config)#service password-encryption
  • Set the domain name to yaser-rahmati.ir.

RTA(config)#ip domain-name yaser-rahmati.ir
  • Create a user of your choosing with a strong password.

RTA(config)#username any_user password any_password
  • Generate 1024-bit RSA keys.

RTA(config)#crypto key generate rsa
The name for the keys will be: RTA.yaser-rahmati.ir
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

RTA(config)#
  • Block anyone for three minutes who fails to log in after four attempts within a two-minute period.

RTA(config)#login block-for 180 attempts 4 within 120
  • Configure the VTY lines for SSH access and use the local user profiles for authentication.

RTA(config)#line vty 0 4
RTA(config-line)#transport input ssh
RTA(config-line)#login local 
  • Save the configuration to NVRAM.

RTA#write memory 
Building configuration...
[OK]
RTA#
  • Set a strong secret password of your choosing.

RTA(config)#enable secret any_pass
  • Be prepared to demonstrate to your instructor that you have established SSH access from PCA to RTA.

PC>ssh -l yaser 10.10.10.1
Open
Password: 



RTA>enable 
Password: 
RTA#
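
To check the result against the requirements above, the following added example (not part of the original lab or its answer file) parses a saved running-config and reports any requirement that is missing. The sample config is constructed, including the assumption that the device has a second VTY range (5 15) that the lab's "line vty 0 4" does not cover. The RSA key is not checked because it does not appear in the running-config.

```python
import re

# Constructed excerpt of `show running-config`; hash values are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
hostname RTA
enable secret 5 CONSTRUCTED-HASH
username any_user password 7 CONSTRUCTED
ip domain-name yaser-rahmati.ir
login block-for 180 attempts 4 within 120
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
"""

REQUIRED = {  # global commands from the lab, matched against top-level lines
    "hostname RTA": r"hostname RTA$",
    "service password-encryption": r"service password-encryption$",
    "enable secret": r"enable secret \S",
    "ip domain-name": r"ip domain-name \S+$",
    "local user": r"username \S+ (password|secret) ",
    "login block-for": r"login block-for 180 attempts 4 within 120$",
}

def parse_sections(text):
    """Map each top-level command to the indented sub-commands beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if not raw.startswith(" "):
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections

def audit(text):
    """Return findings; an empty list means every checked requirement is present."""
    sections = parse_sections(text)
    findings = [f"missing: {name}" for name, pattern in REQUIRED.items()
                if not any(re.match(pattern, line) for line in sections)]
    for header, body in sections.items():
        if header.startswith("line vty"):  # every VTY range must be SSH-only with local auth
            findings += [f"{header}: missing '{cmd}'"
                         for cmd in ("transport input ssh", "login local") if cmd not in body]
    return findings
```

Calling audit(SAMPLE_CONFIG) flags only the second VTY range, which still lacks the SSH-only transport and local authentication applied to lines 0 4.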

Personal website: www.yaser-rahmati.ir
