TechTutorials - Free Computer Tutorials  







IPv6 Training (Cisco): Enabling SSH on a Cisco IPv6 Router 
 


Added: 09/08/2008
Secure Shell (SSH) is an Application layer protocol that provides a secure channel, so that the data exchanged between two IP devices is encrypted.

A Cisco IPv6 router can act as either an SSH server or an SSH client. As an SSH server, it allows an SSH client (IP device) to make a secure, encrypted connection to the Cisco router; as an SSH client, it can make a secure, encrypted connection to another Cisco router or to any other IP device running as an SSH server.

Before you can enable SSH on a Cisco IPv6 router, the router must meet the following requirements:

  • The router must be imaged with either an IPsec Data Encryption Standard (DES) or a Triple Data Encryption Standard (3DES) encryption software image.

  • It should be running Cisco IOS Release 12.1(3)T or higher.

  • It should be configured with a host name (by using the global configuration command hostname) and a host domain (by using the global configuration command ip domain-name).

  • It should already have a Rivest, Shamir, and Adleman (RSA) key pair generated. Generating the RSA key pair automatically enables SSH on the router; to generate an RSA key pair, use the “crypto key generate rsa” global configuration command.

  • It should already have a user authentication mechanism configured for local or remote access. Currently, with SSH over an IPv6 transport, the only user authentication mechanism supported is locally stored usernames and passwords. The TACACS+ and RADIUS user authentication mechanisms are not supported over an IPv6 transport. If you are in an IPv6 network environment and would like to have either TACACS+ or RADIUS authenticate SSH clients, you must configure TACACS+ or RADIUS over an IPv4 transport and then connect to an SSH server over an IPv6 transport.


Here are the steps to enable SSH (SSH server) on an IPv6 router:
  1. Router>enable

  2. Router#configure terminal

  3. Router(config)#ip ssh [timeout seconds | authentication-retries integer]

  4. Router(config)#exit

  5. Router#copy run start


Steps Explained:

Step #1

1. Router>enable

Puts router into Privileged EXEC mode.

Step #2

2. Router#configure terminal

Puts router into Global configuration mode.

Step #3

3. Router(config)#ip ssh timeout 100 authentication-retries 2

Configures the SSH (server) control variables on the router.

Step #4

4. Router(config)#exit

Causes the router to exit Global configuration mode and return to Privileged EXEC mode.

Step #5

5. Router#copy run start

Saves the contents of the running-config to local Non-Volatile Random Access Memory (NVRAM).
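The prerequisites listed above and the values set in step 3 can be checked offline against a saved copy of the running-config. The Python below is an added example, not part of the original article; the sample configuration, the function name audit_ssh_prereqs and the policy limits max_timeout and max_retries are assumptions made for illustration.

```python
import re

# Constructed sample running-config excerpt (not captured from a real device).
SAMPLE_CONFIG = """\
hostname R1
ip domain-name example.net
username admin secret 5 $1$constructed$placeholderhash
ip ssh time-out 100
ip ssh authentication-retries 2
"""


def audit_ssh_prereqs(config, max_timeout=120, max_retries=3):
    """Return findings for the article's SSH prerequisites; [] means all passed.

    max_timeout and max_retries are hypothetical local policy limits.
    The RSA key pair is not stored in the running-config, so confirm it on
    the router itself with 'show crypto key mypubkey rsa'.
    """
    def first(pattern):
        match = re.search(pattern, config, re.MULTILINE)
        return match.group(1) if match else None

    findings = []
    hostname = first(r"^hostname (\S+)")
    # Assumption: the default name "Router" is treated as "not configured".
    if hostname in (None, "Router"):
        findings.append("hostname not configured")
    # Accept both the 'ip domain-name' and 'ip domain name' spellings.
    if first(r"^ip domain[- ]name (\S+)") is None:
        findings.append("ip domain-name not configured")
    if first(r"^username (\S+)") is None:
        findings.append("no local username for SSH authentication")
    # 'ip ssh timeout' may be stored as 'ip ssh time-out'; accept both.
    limits = (("timeout", r"^ip ssh time-?out (\d+)", max_timeout),
              ("authentication-retries",
               r"^ip ssh authentication-retries (\d+)", max_retries))
    for name, pattern, limit in limits:
        value = first(pattern)
        if value is None:
            findings.append(f"ip ssh {name} not set explicitly")
        elif int(value) > limit:
            findings.append(f"ip ssh {name} {value} exceeds policy limit {limit}")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh_prereqs(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
```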

Here are the steps that allow a Cisco IPv6 router acting as an SSH client to initiate an encrypted SSH session with a remote networking device:

Router>enable
Router#ssh [-v {1 | 2}] [-c {3des | aes128-cbc | aes192-cbc | aes256-cbc}] [-l userid | -l userid:{number} {ip-address} | -l userid:rotary{number} {ip-address}] [-m {hmac-md5 | hmac-md5-96 | hmac-sha1 | hmac-sha1-96}] [-o numberofpasswordprompts n] [-p port-num] {ip-addr | hostname} [command]

Steps Explained:

Step #1

1. Router>enable

Puts router into Privileged EXEC mode.

Step #2

2. Router#ssh

Initiates an encrypted session with a remote networking device.

I invite you to visit my website at www.ciscoipv6ittechtips.com, where you’ll find the latest information regarding Cisco IPv6 Design and Implementation Techniques. You can also learn more about the new "Cisco IPv6 Video Accelerated Training Course", which contains over 3000 videos that will teach you all you need to know about Designing, Building, and Deploying Cisco IPv6 networks. (Guaranteed)

To your success,

Charles Ross
CCNP #CSCO10444244
http://www.ciscoipv6ittechtips.com






