Implementing SSH to Secure Remote Administrative Access


Traditionally, remote administrative access to routers was configured using Telnet on TCP port 23. Telnet was developed at a time when security was not a design concern, so all Telnet traffic, including usernames and passwords, is sent in plain text.
SSH has replaced Telnet as the best practice for remote router administration, providing connections with strong privacy and session integrity. SSH uses TCP port 22. It provides functionality similar to that of an outbound Telnet connection, except that the connection is encrypted. With authentication and encryption, SSH allows secure communication over an insecure network.

Not all Cisco IOS images support SSH; only cryptographic images do. Typically, these images have k8 or k9 in their image names. Image names are discussed in Section 5.
The SSH terminal-line access feature enables administrators to configure routers with secure access and perform the following tasks:
Connect to a router that has multiple terminal lines connected to consoles or serial ports of other routers, switches, and devices.
Simplify connectivity to a router from anywhere by securely connecting to the terminal server on a specific line.
Allow modems attached to routers to be used for dial-out securely.
Require authentication to each of the lines through a locally defined username and password, or a security server such as a TACACS+ or RADIUS server.

Cisco routers are capable of acting as the SSH client and server. By default, both of these functions are enabled on the router when SSH is enabled. As a client, a router can SSH to another router. As a server, a router can accept SSH client connections.
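The following configuration is an added example and is not part of the original post. It shows the steps needed to enable the SSH server described above on a Cisco IOS router, restrict the vty lines to SSH only, and verify the result. The hostname R1, the domain name example.com, the username admin, and the placeholder password are assumptions; replace them with your own values. The crypto key generate rsa command is only available on the cryptographic (k8/k9) images mentioned above.

```cisco
! Hostname and domain name are required: the RSA key pair is named after them.
hostname R1
ip domain-name example.com

! Generate the RSA key pair used by the SSH server (crypto image required).
! 2048 bits is the smallest size worth using today.
crypto key generate rsa modulus 2048

! Force SSH version 2 only and tighten the login timers.
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3

! Local account for administrators; "secret" stores a hashed password.
! CHANGE-ME is a placeholder, not a real credential.
username admin privilege 15 secret CHANGE-ME

! Optional: log failed logins and slow down password guessing.
login on-failure log
login block-for 120 attempts 3 within 60

! Restrict the vty lines to SSH only and require local authentication.
! (To use a TACACS+ or RADIUS server instead, configure aaa new-model
! and an aaa authentication login method list, then apply it here.)
line vty 0 4
 login local
 transport input ssh
 exec-timeout 5 0

! Verification commands (run from privileged EXEC mode):
! show ip ssh                  - SSH enabled, version 2.0, timers
! show crypto key mypubkey rsa - the key pair that was generated
! show ssh                     - active SSH sessions
!
! Using the router as an SSH client (the client role described above):
! ssh -l admin 10.0.0.2        - 10.0.0.2 is an assumed peer address
```

The transport input ssh line is the setting that actually removes Telnet: without it, the vty lines still accept Telnet on TCP port 23 even after SSH is enabled, so verify it on every vty line, including any beyond line vty 0 4 on platforms that have more.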
