IPv6 Training (Cisco): Enabling SSH on a Cisco IPv6 Router
Added: 09/08/2008
Secure Shell (SSH) is an Application layer protocol that uses a secure channel; the secure channel ensures that the data exchanged between two IP devices is encrypted.
A Cisco IPv6 router can act as either an SSH server or an SSH client. When a Cisco IPv6 router acts as an SSH server, it allows an SSH client (IP device) to make a secure, encrypted connection to the Cisco router. When a Cisco IPv6 router acts as an SSH client, it can make a secure, encrypted connection to another Cisco router or to any other IP device running as an SSH server.
Before you can enable SSH on a Cisco IPv6 router, the router must meet the following requirements:
The router must be imaged with either an IPsec Data Encryption Standard (DES) or a Triple Data Encryption Standard (3DES) encryption software image.
It should be running Cisco IOS Release 12.1(3)T or higher.
It should be configured with a host name (using the global configuration command hostname) and a host domain (using the global configuration command ip domain-name).
It should already have a Rivest, Shamir, and Adleman (RSA) key pair generated. The RSA key pair is used to automatically enable SSH on the router; to generate an RSA key pair, use the “crypto key generate rsa” global configuration command.
It should already have a user authentication mechanism configured for local or remote access. Currently, with SSH over an IPv6 transport, the only supported user authentication mechanism is locally stored usernames and passwords. The TACACS+ and RADIUS user authentication mechanisms are not supported over an IPv6 transport. If you are in an IPv6 network environment and would like TACACS+ or RADIUS to authenticate SSH clients, you must configure TACACS+ or RADIUS over an IPv4 transport and then connect to an SSH server over an IPv6 transport.
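An added example, not part of the original article: a Python check that reads a saved running-config and reports which of the prerequisites above are missing. The sample configs are constructed, and the vty checks (`login local`, `transport input ssh`) are assumptions of this example that presume AAA new-model is not in use.

```python
import re

# Constructed sample running-config excerpts (not from the original page).
READY = """hostname R1-EDGE
ip domain-name example.com
username admin privilege 15 secret 5 $1$constructed$placeholder
line vty 0 4
 login local
 transport input ssh
"""
NOT_READY = """hostname Router
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""

# A "line vty ..." header followed by its indented sub-commands.
VTY_RE = re.compile(r"^(line vty [^\n]*)\n?((?: [^\n]*\n?)*)", re.M)

def audit_ssh_prereqs(config):
    """Return findings; an empty list means the config-visible prerequisites are met.
    The RSA key pair and the crypto image are not in the running-config;
    verify those with `show crypto key mypubkey rsa` and `show version`."""
    findings = []
    host = re.search(r"^hostname (\S+)", config, re.M)
    if not host or host.group(1) == "Router":  # "Router" is the IOS default
        findings.append("hostname not set")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("ip domain-name not set")
    if not re.search(r"^username \S+ .*\b(?:secret|password)\b", config, re.M):
        findings.append("no local username for SSH login")
    # Assumed hardening checks: vty lines use the local user database, SSH only.
    for m in VTY_RE.finditer(config):
        header = m.group(1).strip()
        body = [line.strip() for line in m.group(2).splitlines()]
        if "login local" not in body:
            findings.append(f"{header}: login local missing")
        transport = next((b for b in body if b.startswith("transport input")), "")
        if transport.split()[2:] != ["ssh"]:
            findings.append(f"{header}: transport input is not ssh-only")
    return findings

if __name__ == "__main__":
    for name, cfg in (("READY", READY), ("NOT_READY", NOT_READY)):
        print(name, audit_ssh_prereqs(cfg) or "ok")
```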
Here are the steps to enable SSH (SSH server) on an IPv6 router:
Configures the SSH (server) control variables on the router.
Step #4
4. Router(config)#exit
Causes the router to exit global configuration mode and return to Privileged EXEC mode.
Step #5
5. Router#copy run start
Saves the contents of the running-config to local Non-Volatile Random Access Memory (NVRAM).
Here are the steps that allow a Cisco IPv6 router acting as an SSH client to initiate an encrypted SSH session with a remote networking device:
Initiates an encrypted session with a remote networking device.