4.8 Remote Access using SSH Flashcards
Configure network devices for remote access using SSH. (21 cards)
What is the protocol that provides secure remote terminal access?
SSH
Secure Shell (SSH) is designed for secure, encrypted remote access to devices, unlike Telnet, which is unencrypted.
Fill in the blank:
SSH ensures secure communication by ______ data during transmission.
encrypting
SSH uses encryption algorithms to protect sensitive data such as usernames, passwords, and session details from unauthorized access.
What types of data does SSH encrypt during a session?
Both usernames and passwords.
SSH provides comprehensive encryption for all transmitted data, safeguarding both usernames and passwords from potential eavesdroppers.
List three primary functions of SSH.
- Transferring files securely
- Executing commands remotely
- Establishing secure connections between systems
SSH is versatile, allowing for secure file transfers and remote command execution, enhancing system security.
What port does SSH use for communication?
22
SSH communicates over port 22, while Telnet operates on port 23.
What are the advantages of using SSH over Telnet?
- Encryption of all data.
- Stronger authentication.
- Prevention of data interception.
SSH ensures confidentiality, integrity, and secure access compared to Telnet, which is vulnerable to man-in-the-middle attacks due to lack of encryption.
List the steps required to configure SSH on a Cisco device.
- Set the hostname.
- Set the domain name.
- Generate RSA keys.
- Create user authentication.
- Enable SSH on VTY lines.
These steps establish a secure SSH configuration on Cisco devices, ensuring encrypted remote access and management.
Define:
RSA key pair
A public and private key used for encryption.
In SSH, the RSA key pair facilitates secure data transmission by encrypting and decrypting information between the client and server, ensuring confidentiality and integrity during remote sessions.
True or False:
SSH version 1 is preferred for secure remote access.
False
SSH version 2 is preferred because it provides better encryption and security features compared to SSH version 1, which has known vulnerabilities.
What command is used to enable SSH version 2 on a Cisco device?
ip ssh version 2
This command enables SSH version 2, which is more secure than version 1 and supports stronger encryption methods.
What happens when SSH is configured on a device?
RSA keys are generated, enabling encrypted access.
The device creates public and private keys to establish a secure connection. These keys allow encrypted communication, ensuring data protection during remote access.
Define:
VTY lines
Virtual terminal lines for remote access.
VTY lines allow remote devices to access the Cisco device’s CLI. When configured for SSH, they allow encrypted, secure connections.
Why should Telnet be disabled when using SSH?
Because Telnet transmits data in plaintext.
Since Telnet does not provide encryption, it exposes sensitive data, such as login credentials, to potential interception. SSH, in contrast, provides strong encryption.
Fill in the blank:
The command to disable Telnet and enable SSH is ‘______ ______ ______’.
transport input ssh
This command disables Telnet, ensuring that remote access is only allowed through the secure SSH protocol.
True or False:
A domain name must be set before enabling SSH on a Cisco device.
True
The domain name is necessary for the creation of the RSA key pair, which is a prerequisite for enabling SSH on Cisco devices.
What does the command ‘transport input ssh’ do on VTY lines?
It restricts access to SSH only.
This command ensures that only secure SSH connections are allowed on the VTY lines, preventing unencrypted Telnet access.
What is SSH key exchange?
The process of exchanging cryptographic keys for encryption.
SSH key exchange involves securely exchanging public keys between the client and server to establish a secure, encrypted communication channel, protecting data from potential interception.
True or False:
SSH can be configured without creating a user account.
False
A user account must be configured to authenticate SSH connections. Without a username and password, access to the device is not possible via SSH.
What command sets the SSH timeout interval on a Cisco device?
exec-timeout [minutes] [seconds]
This command specifies the timeout interval for SSH sessions, enhancing security by limiting session durations.
How can you verify the SSH configuration on a Cisco device?
show ip ssh
This command displays the current SSH configuration and status, allowing verification of settings.
Fill in the blank:
To disable SSH on a Cisco device, use the command ______ ______ ______.
no ip ssh
This command disables SSH on the device, reverting to other remote access methods like Telnet if configured.