Advanced Network Security Administrator - Network Device and Security Configuration: SSH Configuration


Software used: Cisco Packet Tracer (Cisco's network simulator)

Cisco Packet Tracer is an auxiliary learning tool released by Cisco. It provides a network simulation environment in which beginners studying Cisco networking courses can design, configure, and troubleshoot networks. Users build a topology by dragging devices onto the graphical user interface, can follow the detailed processing of packets as they travel through the network, and can observe the network running in real time. It is used to learn IOS configuration and to practise troubleshooting skills.


Packet Tracer is a powerful network simulation program that allows students to experiment with network behaviour and ask "what if" questions. As an integral part of the Networking Academy's comprehensive learning experience, Packet Tracer provides simulation, visualization, editing, evaluation, and collaboration capabilities that facilitate the teaching and learning of complex technology concepts.

Packet Tracer complements the physical devices in the classroom by allowing students to create networks with an almost unlimited number of devices, encouraging practice, discovery, and troubleshooting. A simulation-based learning environment helps students develop 21st-century skills such as decision-making, creative and critical thinking, and problem solving. Packet Tracer complements the Networking Academy curriculum by making it easy for instructors to teach and demonstrate complex technical concepts and the design of network systems.

Packet Tracer software is available free of charge only to Networking Academy faculty, students, alumni, and administrators, and to registered School Connect users.

The installation package is included.

Version 8.0, available from Baidu Netdisk
Link: https://pan.baidu.com/s/1GLVmHl_2nH5j_u-icNWzQg
Extraction code: 6w9t

Introduction to SSH

SSH (Secure Shell) is an encrypted network transmission protocol used to provide secure remote login and file transfer services on unsecured networks. It replaces traditional plaintext transmission protocols such as Telnet and FTP, providing a more secure and reliable data transmission method.

SSH configuration mainly refers to setting the relevant parameters of the SSH service on the client and server to achieve safe and efficient remote access. Here is an introduction to some common SSH configurations:

  1. Client configuration:

    • Install SSH client: In most operating systems, remote access can be achieved by installing the corresponding SSH client software. For example, Windows systems can use PuTTY, and Linux and macOS systems come with their own SSH clients.
    • Generate SSH key pair: Generate a pair of public and private keys on the client to establish a secure connection with the server. The private key is used to verify identity, and the public key is used to encrypt data.
    • Connect to the server: Use the ssh command to connect to the target server, for example ssh username@server_ip, where username is the user name on the target server and server_ip is its IP address.
  2. Server configuration:

    • Install SSH server: Install SSH server software, such as OpenSSH, on the server to accept connection requests from clients.
    • Generate SSH key pair: A pair of public and private keys are also generated on the server, which is used to establish a secure connection with the client. The private key is used to verify identity, and the public key is used to encrypt data.
    • Configure the firewall: Make sure the server's firewall allows the port for SSH connections (default is 22) and prohibits other unnecessary connections.
  3. SSH configuration file:

    • ~/.ssh/config: On the client, you can edit this file to specify the connection parameters of commonly used servers, such as user name, host name, port, etc. You can then connect with the ssh config_name command directly.
    • /etc/ssh/sshd_config: On the server, you can configure the relevant parameters of the SSH service by editing this file, such as allowed connection protocols, key storage locations, authorization policies, etc. This file needs to be modified according to the actual situation and the SSH service needs to be restarted.
  4. SSH security settings:

    • Password versus key authentication: By default, SSH logs in with password authentication. To improve security, it is recommended to log in with key authentication instead, keeping the private key locally and protecting it with a passphrase.
    • Disable root login: Disable root login on the server to reduce potential security risks. Use the sudo command to execute commands that require administrator privileges.
    • Restrict login permissions: Allow only specific users to log in to the server by configuring the AllowUsers option in the sshd_config file.
    • Restrict IP access: By configuring the AllowFrom option in the sshd_config file, only clients with specific IP addresses or IP address ranges can access the server.
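The server-side settings in the list above (key-based login instead of passwords, no root login, an AllowUsers restriction) can be checked mechanically. The following Python script is an added example, not part of the original post: it parses the global section of an OpenSSH sshd_config (one "Keyword value" per line, '#' comments, case-insensitive keywords, first occurrence of a keyword wins, directives after a Match line skipped because they are conditional) and reports which of those three settings is still weak. Both sample configurations embedded in it are constructed for this example.

```python
"""Audit the global section of an OpenSSH sshd_config for the settings above.

Added example, not part of the original post. Assumes the standard sshd_config
syntax: one "Keyword value" per line, '#' comments, case-insensitive keywords,
first occurrence of a keyword wins, and directives after a 'Match' line apply
conditionally (they are skipped here). The 'Keyword=value' form is not handled.
"""
from typing import Dict, List

# Constructed sample: a server left on typical default settings.
WEAK_SSHD_CONFIG = """\
# constructed sample sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

# Constructed sample: the same server after the recommendations in the list above.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers lzy admin
Match User backup
    PasswordAuthentication yes
"""


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return keyword (lower-cased) -> effective value for the global section."""
    effective: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # everything below is conditional, not a global setting
        if len(parts) == 2:
            effective.setdefault(key, parts[1].strip())  # first occurrence wins
    return effective


def audit_sshd_config(text: str) -> List[str]:
    """Return a list of findings; an empty list means all three checks passed."""
    cfg = parse_sshd_config(text)
    findings: List[str] = []
    # OpenSSH defaults apply when a keyword is absent from the file.
    if cfg.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("PasswordAuthentication is on: prefer key-based login and set it to no")
    if cfg.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("PermitRootLogin yes: set it to no and use sudo for privileged work")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("No AllowUsers/AllowGroups: any local account may attempt to log in")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(text) or ["no findings"])
```

The parser stops at the first Match line on purpose: settings inside a Match block only apply to the matching users or addresses, so a global audit must not count them. Source-address restriction is left to the firewall rule mentioned in the server configuration list. Remember to restart the SSH service after editing sshd_config, as the text says.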

SSHv2 configuration

(1) Configuration requirements

To improve the security of router access in the network, SSHv2 needs to be configured on Router0. The specific configuration requirements are as follows:

Topology: Router0 (interface f0/0, address 192.168.1.1) is the SSH server; Router1 is the client used to test the login. The original diagram is not reproduced here.

Configuration requirements:

  1. According to the topology, configure the correct IP address on the router interface and bring the interface up.
  2. Configure the enable password on Router0, using the password type, with the password 123.
  3. Configure the SSHv2 login username as lzy, the password as abc, and the privilege level as 15.
  4. Set the number of allowed SSH authentication retries on Router0 to 5.
  5. Configure the IP domain name on Router0 as lzy.edu.cn.
  6. Change the hostname of Router0 to lzy.
  7. Generate an RSA key pair on Router0 with a modulus length of 1024 bits.
  8. Configure VTY login on Router0 to authenticate against the local database, and allow only 5 terminals to log in at the same time.

(2) Draw topology diagram

1. Add a router

2. Connect the routers

3. Bring up the f0/0 interface

4. Configure the interface IP address

(3) Enable password configuration

1. Configuration command

Router>                 User EXEC mode; only a few basic commands are available.
Router>enable           Switch from user EXEC mode to privileged EXEC mode.
Router#                 Privileged EXEC mode; the device configuration can be viewed and saved.
Router#configure terminal  Enter global configuration mode.
Router(config)#enable password|secret 123  // set the enable password to 123; use either password or secret (secret stores a hashed form)

2. Configuration process


(4) Configure the password to log in to the Console console

1. Configuration command

Router(config)#line console 0   // set the console login password
Router(config-line)#password 123
Router(config-line)#login
Router(config-line)#end
Router#show running-config   // display the running configuration
Router#configure terminal
Router(config)#service password-encryption  // apply weak (reversible) encryption to all plaintext passwords in the configuration

2. Configuration process


(5) SSH configuration

1. Configuration command

Router(config)#username lzy privilege 15 secret abc  // SSH login user, password and privilege level
Router(config)#ip domain-name lzy.edu.cn   // domain name (also used to name the RSA key)
Router(config)#ip ssh version 2    // enable SSH version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
Router(config)#ip ssh time-out 5   // SSH negotiation timeout, in seconds
Router(config)#ip ssh authentication-retries 5  // number of allowed SSH authentication retries
Router(config)#hostname lzy   // router hostname
lzy(config)#crypto key generate rsa general-keys modulus 1024  // generate the RSA key pair; for SSHv2 the modulus (key length) must be at least 768 bits
The name for the keys will be: lzy.lzy.edu.cn
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
*Mar 1 0:6:15.574: %SSH-5-ENABLED: SSH 2 has been enabled

2. Configuration process


(6) Open remote login via SSH on the router

1. Configuration command

lzy(config)#line vty 0 4       // lines 0-4: up to 5 terminals may log in at the same time
lzy(config-line)#login local     // VTY login must authenticate against the local user database
lzy(config-line)#transport input ssh  // only SSH is accepted on these lines (Telnet is refused)
lzy(config-line)#exit
lzy(config)#exit
lzy#write   // save the configuration; the prompt begins with lzy because the hostname was changed

2. Configuration process

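Sections (3) to (6) are steps of one procedure, so here is a single added example for the whole of it. The Python script below is not part of the original post and is not a Cisco tool: it turns the Router0 requirement list into the IOS command sequence shown above and validates the constraints the text states before emitting anything (an RSA modulus of at least 768 bits for SSHv2, a privilege level in 0-15, 0-5 authentication retries, at most 5 VTY lines, i.e. vty 0 4). It generates the RSA keys before ip ssh version 2 so the "Please create RSA keys" prompt does not appear, and it uses enable secret for the enable password. The interface f0/0, the address 192.168.1.1, and the user, domain and hostname values come from the post; the subnet mask 255.255.255.0 is an assumption.

```python
"""Build the Router0 SSHv2 configuration from the lab requirements.

Added example: not part of the original post and not a Cisco tool. It turns
the requirement list into the IOS command sequence used above and validates
the constraints the text states before emitting anything. It only builds the
command list; it does not connect to a device.
"""
from dataclasses import dataclass
from typing import List

MIN_SSHV2_MODULUS = 768   # IOS needs at least 768 bits to enable SSHv2
MAX_LAB_VTY_LINES = 5     # requirement 8: at most 5 simultaneous sessions (vty 0 4)


@dataclass
class SshRequirements:
    """Values taken from configuration requirements 1-8 of the post."""
    hostname: str = "lzy"
    domain_name: str = "lzy.edu.cn"
    username: str = "lzy"
    user_secret: str = "abc"
    privilege: int = 15
    enable_secret: str = "123"
    auth_retries: int = 5
    rsa_modulus: int = 1024
    vty_sessions: int = 5
    interface: str = "FastEthernet0/0"   # f0/0 from the topology steps
    ip_address: str = "192.168.1.1"      # from the verification step
    netmask: str = "255.255.255.0"       # assumption: the post does not give the mask


def validate(req: SshRequirements) -> List[str]:
    """Return human-readable violations; an empty list means the values are usable."""
    errors: List[str] = []
    if req.rsa_modulus < MIN_SSHV2_MODULUS:
        errors.append(f"RSA modulus {req.rsa_modulus} < {MIN_SSHV2_MODULUS}: SSHv2 cannot be enabled")
    if not 0 <= req.privilege <= 15:
        errors.append(f"privilege {req.privilege} outside 0-15")
    if not 0 <= req.auth_retries <= 5:
        errors.append(f"authentication-retries {req.auth_retries} outside 0-5")
    if not 1 <= req.vty_sessions <= MAX_LAB_VTY_LINES:
        errors.append(f"vty_sessions {req.vty_sessions} outside 1-{MAX_LAB_VTY_LINES}")
    if not req.domain_name:
        errors.append("ip domain-name must be set before the RSA key can be generated")
    return errors


def build_ios_config(req: SshRequirements) -> List[str]:
    """Emit IOS commands in an order that avoids the 'Please create RSA keys' warning."""
    errors = validate(req)
    if errors:
        raise ValueError("; ".join(errors))
    last_vty = req.vty_sessions - 1
    return [
        "enable",
        "configure terminal",
        f"hostname {req.hostname}",                 # set first: the key is named hostname.domain
        f"interface {req.interface}",
        f" ip address {req.ip_address} {req.netmask}",
        " no shutdown",                             # requirement 1: bring the interface up
        " exit",
        f"enable secret {req.enable_secret}",       # requirement 2 (secret stores a hash)
        "service password-encryption",
        f"username {req.username} privilege {req.privilege} secret {req.user_secret}",
        f"ip domain-name {req.domain_name}",
        f"crypto key generate rsa general-keys modulus {req.rsa_modulus}",
        "ip ssh version 2",                         # keys already exist, so no warning
        f"ip ssh authentication-retries {req.auth_retries}",
        f"line vty 0 {last_vty}",
        " login local",                             # requirement 8: local database authentication
        " transport input ssh",                     # refuse Telnet on the VTY lines
        " exit",
        "exit",
        "write",                                    # save from privileged EXEC mode
    ]


if __name__ == "__main__":
    print("\n".join(build_ios_config(SshRequirements())))
```

Running the script prints the commands ready to paste into the Router0 CLI in Packet Tracer. Changing rsa_modulus to 512 makes build_ios_config raise an error instead of producing a configuration on which ip ssh version 2 would fail.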

(7) Verify configuration

After the configuration is completed, log in to Router0 over SSH from Router1 to verify it, using the command:
ssh -v 2 -l lzy 192.168.1.1

The login succeeds, which confirms that the configuration is correct.


Origin blog.csdn.net/m0_62617719/article/details/133962127