There are multiple methods to manage a device, such as Telnet, SNMP, NETCONF, REST API, HTTP and HTTPS. But I think SSH is by far the most standard and robust method. Unlike Telnet, SSH uses TCP to initiate the connection between the server and the client. Once the three-way handshake is done, basically three steps occur to exchange the cryptographic parameters and start the encrypted data exchange:
- SSH version and application detail sharing
- Exchange of Encryption, Compression and MAC algorithms
- Diffie-hellman key exchange
- Encrypted data transfer
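The second step in the list above, the algorithm exchange, as an added example that is not part of the original post: it decodes the cleartext SSH_MSG_KEXINIT packet each side sends (layout per RFC 4253) and applies a simplified form of the first-client-match selection rule. The algorithm offers and the helpers `offers` and `build_kexinit` are constructed for illustration, not captured from a Cisco router.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(packet: bytes) -> dict:
    """Decode a cleartext SSH_MSG_KEXINIT binary packet into its name-lists."""
    length, pad = struct.unpack(">IB", packet[:5])
    payload = packet[5:4 + length - pad]
    if len(packet) < 4 + length or payload[:1] != b"\x14":  # 20 = KEXINIT
        raise ValueError("truncated packet or not SSH_MSG_KEXINIT")
    pos, lists = 17, {}                  # skip type byte and 16-byte cookie
    for name in FIELDS:
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += 4 + n
    return lists

def negotiate(client: dict, server: dict) -> dict:
    """Simplified RFC 4253 rule: first client preference the server also lists."""
    return {f: next((a for a in client[f] if a in server[f]), None)
            for f in FIELDS[:8]}

def build_kexinit(lists: dict) -> bytes:
    """Build a sample packet (constructed test data, zeroed cookie)."""
    body = b"\x14" + bytes(16)
    for f in FIELDS:
        s = ",".join(lists.get(f, [])).encode("ascii")
        body += struct.pack(">I", len(s)) + s
    body += bytes(5)                     # first_kex_packet_follows + reserved
    pad = 8 - (len(body) + 5) % 8        # pad whole packet to a multiple of 8
    pad += 8 if pad < 4 else 0           # at least 4 bytes of padding
    return struct.pack(">IB", len(body) + pad + 1, pad) + body + bytes(pad)

def offers(kex, key, enc, mac):
    """Expand four preference lists into a KEXINIT dict, same in both directions."""
    return dict(kex=kex, host_key=key, enc_c2s=enc, enc_s2c=enc,
                mac_c2s=mac, mac_s2c=mac, comp_c2s=["none"], comp_s2c=["none"])

# Constructed offers: a modern client and an older router-style server.
CLIENT = offers(["curve25519-sha256", "diffie-hellman-group14-sha1"],
                ["ssh-ed25519", "ssh-rsa"], ["aes128-ctr", "aes128-cbc"],
                ["hmac-sha2-256", "hmac-sha1"])
SERVER = offers(["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
                ["ssh-rsa"], ["aes128-cbc", "aes128-ctr"], ["hmac-sha1"])

if __name__ == "__main__":
    print(negotiate(*(parse_kexinit(build_kexinit(o)) for o in (CLIENT, SERVER))))
```

Because the client's order decides, the result here is `aes128-ctr` even though the server lists `aes128-cbc` first; the same output makes it easy to see when a session falls back to SHA-1 based key exchange or MACs.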
Following is the configuration required on the router for SSH to work:
```
R1(config)#ip domain-name protocoholic.com
R1(config)#crypto key generate rsa
% You already have RSA keys defined named R1.protocoholic.com.
% Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus :1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
*Apr 19 13:52:06.545: %SSH-5-ENABLED: SSH 2.99 has been enabled
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#exit
R1(config)#username cisco privilege 15 password cisco
```
Following is the Wireshark capture for your reference:
To access the Cisco router via SSH, you can use any tool such as PuTTY.
At this point you should be able to log in to the device via SSH. My next post in this series will explain the use of the Python library paramiko to SSH into the Cisco router.
In case you are interested to know how to SSH to a Cisco router with the help of a Python program, you can check my blog post SSH with python
Stay Tuned for more…