Do we need to know SSH?

lon21

I'm just going through learning the labs from CBT Videos.

One of the labs show configuring SSH on a Cisco switch. I'm using packet tracer and a 2950T-24 Switch (recommended for CCNA exams) and the command 'ip domain-name' can't be seen/used in the IOS. The command is not available when I use '?'

I understand I may have a old IOS but, would I need to learn the setup/configure of SSH for the CCNA exam?


Thanks

MosGuy

SSH is listed in both the ICND1 & ICND2 blue prints. I would get some hands on practice. In packet tracer the 2950 doesn't emulate a supported IOS. But you can use either: 3650 switch or 1841 router instead.

Stotic

To setup SSH on a Cisco switch or router, the IOS image has to have the encryption capability (look for 'k9' within the IOS file name).

Once you have that, all that you really need to do is:
hostname BLAH
ip domain-name BLAH.com
crypto key generate
ip ssh version 2
line vty 0 15
transport input ssh

The hostname is needed to create a domain-name. A domain-name is necessary to generate encryption keys with Crypto key generate. 'transport input ssh' configures SSH only on every inbound session.

Everything else is just playing with the different versions and dealing with timeouts.

CodeBlox

Yes. They could show you a configuration and you need to be able to determine if an SSH attempt would be successful.

amb1s1

Stotic wrote: »

To setup SSH on a Cisco switch or router, the IOS image has to have the encryption capability (look for 'k9' within the IOS file name).

Once you have that, all that you really need to do is:
hostname BLAH
ip domain-name BLAH.com
crypto key generate
ip ssh version 2
line vty 0 15
transport input ssh

The hostname is needed to create a domain-name. A domain-name is necessary to generate encryption keys with Crypto key generate. 'transport input ssh' configures SSH only on every inbound session.

Everything else is just playing with the different versions and dealing with timeouts.

You need to setup an username and password:

username cisco password cisco

and under line VTY 0 15 you need to type:

login local

There are other way to login, but this is the easiest one, no use of TACAS.

ccnaomkar

ssh is necessary

login local is normally used for ccna studies

lon21

For a few weeks I'm using Packet Tracer, but I'm not able to perform SSH.

Is it possible I can update the IOS on Packet Tracer to support SSH?

If it is possible, where would I find the update window?

Thanks

MosGuy

lon21 wrote: »

For a few weeks I'm using Packet Tracer, but I'm not able to perform SSH.

Is it possible I can update the IOS on Packet Tracer to support SSH?

If it is possible, where would I find the update window?

Thanks

Since packet tracer is just simulation software. No you can't change the IOS, but as I mentioned in my original reply. You can practice setting up & using SSH in packet tracer by using a 3650 switch or 1841 router, instead of the 2950 switch.

CodeBlox

I believe all of the routers support SSH in Packet Tracer.

alan2308

CodeBlox wrote: »

I believe all of the routers support SSH in Packet Tracer.

The same logic applies to your lab. Try it on a router.

lon21

ccnaomkar wrote: »

ssh is necessary

login local is normally used for ccna studies

CBT Videos does not show 'login local' but is still able to connect via SSH.

Is login local still needed?

Thanks

Hypntick

lon21 wrote: »

CBT Videos does not show 'login local' but is still able to connect via SSH.

Is login local still needed?

Thanks

I seem to recall it does show the login local command. I just watched them last week actually. That's what allows your login session to pull from the username and password you've set up on the router/switch. At least that's my understanding of it.

Daniel333

You will need to know it for real life. Setup a few routers with it if you have physical hardware. Otherwise use GNS3.

If you want to research more on SSH here ya go,
MasterClass! - Using Secure Shell (SSH) Tutorials