Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,720 --> 00:00:07,120 Welcome to Jeremy’s IT Lab. This is a free,\xa0\n 2 00:00:07,120 --> 00:00:12,560 videos, please subscribe to follow along with the\xa0\n 3 00:00:12,560 --> 00:00:16,399 and share the video to help spread this\xa0\n 4 00:00:17,839 --> 00:00:25,039 In this video we will cover SSH, Secure Shell.\xa0\n 5 00:00:25,039 --> 00:00:30,799 and configure them via the CLI. One option\xa0\n 6 00:00:30,800 --> 00:00:36,799 via the console port, which I introduced in an\xa0\n 7 00:00:36,799 --> 00:00:41,039 you to connect to a device remotely, without\xa0\n 8 00:00:42,479 --> 00:00:47,599 SSH is exam topic 4.8, which says you\xa0\n 9 00:00:47,600 --> 00:00:53,359 for remote access using SSH. I won’t\xa0\n 10 00:00:53,359 --> 00:00:57,840 I will take the opportunity to\xa0\n 11 00:00:59,200 --> 00:01:04,799 Here’s what we’ll cover in this video.\xa0\n 12 00:01:04,799 --> 00:01:08,959 last video about Syslog I mentioned\xa0\n 13 00:01:09,599 --> 00:01:14,239 So, I want to take the opportunity to explain\xa0\n 14 00:01:14,239 --> 00:01:19,839 make it more secure. Then I’ll explain the\xa0\n 15 00:01:20,879 --> 00:01:25,439 Layer 2 switches don’t route packets and\xa0\n 16 00:01:25,439 --> 00:01:31,039 can configure a management IP address on them so\xa0\n 17 00:01:32,319 --> 00:01:37,439 Then I will introduce Telnet, which is a\xa0\n 18 00:01:37,439 --> 00:01:44,239 and less-secure. Finally, the main topic of\xa0\n 19 00:01:44,239 --> 00:01:49,679 but the first few topics shouldn’t take too long\xa0\n 20 00:01:49,680 --> 00:01:55,360 a bonus practice question from Boson Software’s\xa0\n 21 00:01:57,280 --> 00:02:03,280 First, console port security. By default,\xa0\n 22 00:02:03,280 --> 00:02:09,360 a Cisco IOS device via the console port.\xa0\n 23 00:02:09,360 --> 00:02:14,240 use a console cable to connect your laptop to\xa0\n 24 00:02:15,439 --> 00:02:20,240 However, you can configure a password on the\xa0\n 25 00:02:20,240 --> 00:02:25,920 configure all settings related to console port\xa0\n 26 00:02:25,919 --> 00:02:32,239 enter a password to access the CLI via the console\xa0\n 27 00:02:32,240 --> 00:02:37,439 configure the console line, use the command\xa0\n 28 00:02:38,400 --> 00:02:43,760 There is only a single console line, so the\xa0\n 29 00:02:43,759 --> 00:02:49,120 only a single console line? It means there can\xa0\n 30 00:02:49,759 --> 00:02:54,319 You can’t have multiple people configuring the\xa0\n 31 00:02:54,319 --> 00:03:01,439 ports. Only one user can connect at a time. Then\xa0\n 32 00:03:02,639 --> 00:03:06,959 But configuring a password isn’t enough,\xa0\n 33 00:03:06,960 --> 00:03:12,400 tells the device to require a user to enter the\xa0\n 34 00:03:13,439 --> 00:03:19,439 That’s it, now a password will be required\xa0\n 35 00:03:19,439 --> 00:03:26,079 I used END and EXIT to terminate the console\xa0\n 36 00:03:26,080 --> 00:03:33,360 and I was asked for a password. I entered the\xa0\n 37 00:03:33,360 --> 00:03:38,320 that the password isn’t displayed as you type it,\xa0\n 38 00:03:40,080 --> 00:03:44,640 Alternatively, you can configure the console\xa0\n 39 00:03:44,639 --> 00:03:49,439 of the configured usernames on the device.\xa0\n 40 00:03:49,439 --> 00:03:54,560 in which we configured a specific password\xa0\n 41 00:03:54,560 --> 00:04:01,360 configurations. First, I created a username,\xa0\n 42 00:04:02,479 --> 00:04:08,799 I once again used LINE CONSOLE 0 to configure\xa0\n 43 00:04:08,800 --> 00:04:14,640 LOCAL. This tells the device to require a user\xa0\n 44 00:04:14,639 --> 00:04:20,079 on the device. So, instead of logging in using\xa0\n 45 00:04:20,639 --> 00:04:25,839 the user will have to use a username and\xa0\n 46 00:04:25,839 --> 00:04:32,000 configuration of R1’s console line. Notice that\xa0\n 47 00:04:32,000 --> 00:04:38,480 is still there, however I changed the login mode\xa0\n 48 00:04:38,480 --> 00:04:44,560 password of ccna can no longer be used. The\xa0\n 49 00:04:45,600 --> 00:04:50,800 So, I logged out of the connection pressed\xa0\n 50 00:04:50,800 --> 00:04:56,319 username and password, not just a password.\xa0\n 51 00:04:56,959 --> 00:05:02,719 That is the EXEC-TIMEOUT command. This will cause\xa0\n 52 00:05:02,720 --> 00:05:09,440 period of inactivity, 3 minutes and 30 seconds\xa0\n 53 00:05:09,439 --> 00:05:13,120 in case you leave your desk but forget\xa0\n 54 00:05:15,199 --> 00:05:20,479 Okay, that’s all for console line security. Now\xa0\n 55 00:05:21,600 --> 00:05:27,280 Routers and Layer 3 switches have IP addresses you\xa0\n 56 00:05:27,279 --> 00:05:33,119 but what about Layer 2 switches? Layer 2 switches\xa0\n 57 00:05:33,120 --> 00:05:39,040 routing table. They aren’t IP routing aware. Their\xa0\n 58 00:05:39,040 --> 00:05:45,439 as you already know. However, you can actually\xa0\n 59 00:05:45,439 --> 00:05:51,839 interface, to allow remote connections to the CLI\xa0\n 60 00:05:52,959 --> 00:05:59,039 For the rest of this video, I’ll use this\xa0\n 61 00:05:59,040 --> 00:06:03,280 and needs to be able to connect to all of the\xa0\n 62 00:06:03,279 --> 00:06:10,639 having to travel to different offices. To allow\xa0\n 63 00:06:10,639 --> 00:06:17,360 here’s how you can configure it. First, configure\xa0\n 64 00:06:17,360 --> 00:06:26,160 multilayer switch. INTERFACE VLAN, followed by the\xa0\n 65 00:06:26,160 --> 00:06:32,880 enable the interface if its shutdown by default.\xa0\n 66 00:06:32,879 --> 00:06:38,560 more step you need to configure to allow a Layer\xa0\n 67 00:06:38,560 --> 00:06:45,280 its local LAN. Use the IP DEFAULT-GATEWAY command\xa0\n 68 00:06:46,720 --> 00:06:52,240 PC2 isn’t in the same LAN, so SW1 can’t\xa0\n 69 00:06:53,199 --> 00:06:57,599 It has to send the traffic to a router, which\xa0\n 70 00:06:58,639 --> 00:07:03,199 It’s like configuring a default route, however\xa0\n 71 00:07:03,759 --> 00:07:07,120 so you have to use this command to\xa0\n 72 00:07:08,560 --> 00:07:12,399 Okay, that’s all the configuration needed\xa0\n 73 00:07:13,279 --> 00:07:17,039 To demonstrate Telnet and SSH,\xa0\n 74 00:07:19,439 --> 00:07:25,120 First up, Telnet. It’s not commonly used today\xa0\n 75 00:07:25,120 --> 00:07:33,040 before looking at SSH. Telnet, teletype network,\xa0\n 76 00:07:33,040 --> 00:07:38,879 a remote host. So instead of plugging your PC\xa0\n 77 00:07:39,439 --> 00:07:45,279 you can connect to the device on a remote\xa0\n 78 00:07:45,279 --> 00:07:51,359 a very old protocol. It has been largely, almost\xa0\n 79 00:07:52,240 --> 00:07:57,840 However SSH was developed in 1995,\xa0\n 80 00:07:58,720 --> 00:08:04,160 Telnet sends data in plain text, no\xa0\n 81 00:08:04,160 --> 00:08:10,160 like Wireshark to capture the traffic, they can\xa0\n 82 00:08:11,040 --> 00:08:17,520 Up top is a Telnet packet sent from R1, inside\xa0\n 83 00:08:17,519 --> 00:08:24,479 the CLI displays when trying to login. I entered\xa0\n 84 00:08:25,600 --> 00:08:32,560 But the password is displayed in plain text,\xa0\n 85 00:08:32,559 --> 00:08:36,879 who is able to capture the traffic like I did\xa0\n 86 00:08:36,879 --> 00:08:42,720 between my device and R1. The username, the\xa0\n 87 00:08:43,679 --> 00:08:47,919 That is definitely not secure, and\xa0\n 88 00:08:49,279 --> 00:08:55,600 Before moving on to Telnet configuration, I want\xa0\n 89 00:08:55,600 --> 00:09:01,680 that’s the device being connected to, R1 in this\xa0\n 90 00:09:01,679 --> 00:09:10,239 23. So, when my device sent the password to R1,\xa0\n 91 00:09:10,240 --> 00:09:15,519 make sure you remember that port number. And\xa0\n 92 00:09:15,519 --> 00:09:21,840 that is connecting, and as I just said the Telnet\xa0\n 93 00:09:23,360 --> 00:09:26,960 Here’s how to configure a device so that\xa0\n 94 00:09:28,320 --> 00:09:32,720 First, you should always configure an enable\xa0\n 95 00:09:33,440 --> 00:09:38,320 You won’t be able to access privileged exec mode\xa0\n 96 00:09:38,320 --> 00:09:45,120 isn’t configured. I also configured a username and\xa0\n 97 00:09:45,120 --> 00:09:50,879 mode. This isn’t necessary, but you can configure\xa0\n 98 00:09:50,879 --> 00:10:01,039 VTY lines of the device. And then use the command\xa0\n 99 00:10:01,039 --> 00:10:07,439 on the VTY lines. There are 16 lines available,\xa0\n 100 00:10:08,960 --> 00:10:17,840 LINE VTY 0 15 means you are configuring all lines,\xa0\n 101 00:10:17,840 --> 00:10:24,240 the VTY lines have the same configuration.\xa0\n 102 00:10:26,080 --> 00:10:32,400 Okay, first I configured LOGIN LOCAL as well as\xa0\n 103 00:10:32,399 --> 00:10:37,679 depends on the device. In this case it was\xa0\n 104 00:10:39,039 --> 00:10:42,240 Okay, next I used the command\xa0\n 105 00:10:43,120 --> 00:10:46,960 This is how you configure what kind of\xa0\n 106 00:10:47,840 --> 00:10:53,840 TRANSPORT INPUT TELNET allows only Telnet\xa0\n 107 00:10:53,840 --> 00:11:00,560 INPUT SSH to allow only SSH connections, or\xa0\n 108 00:11:02,000 --> 00:11:07,360 TRANSPORT INPUT ALL allows all connections,\xa0\n 109 00:11:07,360 --> 00:11:13,840 and SSH. Or, you can configure TRANSPORT INPUT\xa0\n 110 00:11:15,039 --> 00:11:20,639 The device I’m using for this demo defaults to\xa0\n 111 00:11:20,639 --> 00:11:29,439 default to TRANSPORT INPUT ALL. Finally, I applied\xa0\n 112 00:11:29,440 --> 00:11:35,840 will be able to connect to SW1 using Telnet. Note\xa0\n 113 00:11:36,559 --> 00:11:43,679 other devices will still be able to communicate\xa0\n 114 00:11:43,679 --> 00:11:49,839 although the command to apply the ACL to the VTY\xa0\n 115 00:11:49,840 --> 00:11:56,320 ACL to an interface is IP ACCESS-GROUP. And\xa0\n 116 00:11:56,320 --> 00:12:02,879 ACCESS-LIST or IP ACCESS-LIST. Try not\xa0\n 117 00:12:03,440 --> 00:12:07,440 IP ACCESS-GROUP, and\xa0\nACCESS-LIST or IP ACCESS-LIST. 118 00:12:08,720 --> 00:12:15,600 To verify the configuration, I first tried to ping\xa0\n 119 00:12:15,600 --> 00:12:21,200 when I tried to telnet to SW1, I got a message\xa0\n 120 00:12:22,000 --> 00:12:28,399 That’s because of the ACL I applied to SW1’s VTY\xa0\n 121 00:12:29,519 --> 00:12:35,120 So, I did Telnet from PC2, and it worked. Now,\xa0\n 122 00:12:36,240 --> 00:12:40,480 Notice how the VTY line configurations are\xa0\n 123 00:12:41,440 --> 00:12:45,200 The first 5 lines are displayed\xa0\n 124 00:12:46,159 --> 00:12:52,799 I believe this is just a result of the fact that\xa0\n 125 00:12:52,799 --> 00:12:56,719 even if you configure all 16 lines at\xa0\n 126 00:12:56,720 --> 00:13:02,399 config. That’s just a bit of trivia, it doesn’t\xa0\n 127 00:13:03,519 --> 00:13:08,480 So, that was a quick look at Telnet. Finally\xa0\n 128 00:13:10,159 --> 00:13:16,559 SSH, which stands for Secure Shell, was developed\xa0\n 129 00:13:16,559 --> 00:13:22,159 Telnet. By the way, if you’re wondering what\xa0\n 130 00:13:23,440 --> 00:13:28,960 A shell is a computer program which exposes the\xa0\n 131 00:13:28,960 --> 00:13:38,080 other program. So, any time you’re accessing the\xa0\n 132 00:13:38,080 --> 00:13:46,000 revision of SSHv1, was released in 2006. Version\xa0\n 133 00:13:46,000 --> 00:13:53,120 possible. If a device supports both version 1\xa0\n 134 00:13:54,159 --> 00:14:01,039 Note that 1.99 isn’t actually a version of SSH, it\xa0\n 135 00:14:01,039 --> 00:14:07,679 and version 2. SSH provides security features\xa0\n 136 00:14:08,639 --> 00:14:11,840 You’ll learn more about those terms\xa0\n 137 00:14:12,879 --> 00:14:17,840 But for example, here’s an SSH packet\xa0\n 138 00:14:17,840 --> 00:14:22,000 the encrypted packet section, it’s just\xa0\n 139 00:14:22,960 --> 00:14:28,879 Only the SSH server and client have the keys to\xa0\n 140 00:14:28,879 --> 00:14:35,039 the packet on the way to its destination, I\xa0\n 141 00:14:35,039 --> 00:14:43,839 SSH uses TCP port 22. So, remember that\xa0\n 142 00:14:45,600 --> 00:14:50,399 Before configuring SSH, you should make sure that\xa0\n 143 00:14:51,200 --> 00:14:57,520 I used the SHOW VERSION command, and here’s\xa0\n 144 00:14:57,519 --> 00:15:06,399 that I highlighted. IOS images that support SSH\xa0\n 145 00:15:06,399 --> 00:15:11,840 No Payload Encryption, IOS images to countries\xa0\n 146 00:15:12,879 --> 00:15:18,879 And those NPE IOS images do not support\xa0\n 147 00:15:18,879 --> 00:15:23,120 of encryption might be supported, but I would\xa0\n 148 00:15:23,120 --> 00:15:30,960 unfortunately I don’t have access to any NPE IOS\xa0\n 149 00:15:31,840 --> 00:15:38,080 If your device doesn’t support SSH, it will\xa0\n 150 00:15:38,080 --> 00:15:46,000 but disabled. Notice the version is 1.99,\xa0\n 151 00:15:46,000 --> 00:15:52,559 here’s a hint about the first step in configuring\xa0\n 152 00:15:53,679 --> 00:15:59,439 RSA keys are cryptographic keys that are essential\xa0\n 153 00:16:00,960 --> 00:16:06,720 Okay, so after ensuring that the IOS image you’re\xa0\n 154 00:16:06,720 --> 00:16:13,759 keys. The keys are used for data encryption and\xa0\n 155 00:16:13,759 --> 00:16:20,639 do that. First, I configured the domain name\xa0\n 156 00:16:21,679 --> 00:16:27,279 The reason for this is that the FQDN of\xa0\n 157 00:16:28,399 --> 00:16:34,639 By the way, FQDN means Fully Qualified Domain\xa0\n 158 00:16:34,639 --> 00:16:43,519 name. Then I generated the RSA keys. The command\xa0\n 159 00:16:43,519 --> 00:16:51,679 name the keys, SW1.jeremysitlab.com, which\xa0\n 160 00:16:51,679 --> 00:16:58,479 the size of the modulus, the size of the keys. I\xa0\n 161 00:16:59,840 --> 00:17:05,440 Note that you can just use the command CRYPTO KEY\xa0\n 162 00:17:05,440 --> 00:17:09,519 without having to specify it separately\xa0\n 163 00:17:11,119 --> 00:17:17,679 Note that the length must be 768 bits or greater\xa0\n 164 00:17:17,680 --> 00:17:23,039 that length. Greater key lengths are more\xa0\n 165 00:17:24,319 --> 00:17:28,079 After the keys are generated,\xa0\n 166 00:17:28,079 --> 00:17:36,000 indicating that SSH has been enabled. I check SHOW\xa0\n 167 00:17:38,480 --> 00:17:44,559 Now that SSH is enabled, let’s configure it. The\xa0\n 168 00:17:44,559 --> 00:17:51,919 so let’s do a clean configuration of SSH. First,\xa0\n 169 00:17:51,920 --> 00:17:59,440 a username, and an ACL to restrict connections\xa0\n 170 00:17:59,440 --> 00:18:04,640 VERSION 2. This is optional, but recommended\xa0\n 171 00:18:05,920 --> 00:18:12,800 Then once again, use the command LINE VTY\xa0\n 172 00:18:12,799 --> 00:18:20,240 like when configuring Telnet. Then enable local\xa0\n 173 00:18:20,240 --> 00:18:27,279 SSH, only LOGIN LOCAL works, a username is needed.\xa0\n 174 00:18:27,279 --> 00:18:33,680 server, but that’s a topic for another video.\xa0\n 175 00:18:33,680 --> 00:18:39,039 I configured the exec timeout again. This is\xa0\n 176 00:18:39,039 --> 00:18:43,359 default exec timeout, but you can use this\xa0\n 177 00:18:44,480 --> 00:18:52,400 Then I used TRANSPORT INPUT SSH. Best practice\xa0\n 178 00:18:52,400 --> 00:18:57,360 disabling Telnet because it’s less\xa0\n 179 00:18:58,400 --> 00:19:03,519 Just like for Telnet this is optional, but it\xa0\n 180 00:19:05,039 --> 00:19:11,039 Okay, let me summarize the SSH configuration\xa0\n 181 00:19:11,680 --> 00:19:16,560 I didn’t mention this previously because I had\xa0\n 182 00:19:16,559 --> 00:19:24,159 cannot generate its RSA keys without a non-default\xa0\n 183 00:19:24,160 --> 00:19:30,720 the default host name I tried the CRYPTO KEY\xa0\n 184 00:19:30,720 --> 00:19:36,799 please define a hostname other than router. So\xa0\n 185 00:19:36,799 --> 00:19:43,200 key pair again. However I haven’t defined a domain\xa0\n 186 00:19:44,079 --> 00:19:51,119 And that’s the next step in SSH configuration,\xa0\n 187 00:19:51,119 --> 00:19:58,319 IP DOMAIN NAME jeremysitlab.com. Then I try to\xa0\n 188 00:19:59,279 --> 00:20:04,240 So, remember that. To generate the RSA key\xa0\n 189 00:20:04,240 --> 00:20:10,319 and the domain name first. Actually, you can\xa0\n 190 00:20:10,319 --> 00:20:16,480 for the CCNA you just have to know this method.\xa0\n 191 00:20:17,519 --> 00:20:21,359 Then the next step is to configure an\xa0\n 192 00:20:21,359 --> 00:20:27,679 password combination. The order of this step\xa0\n 193 00:20:27,680 --> 00:20:34,560 configuration step, but make sure they are\xa0\n 194 00:20:35,359 --> 00:20:41,759 This isn’t necessary, but it is best practice\xa0\n 195 00:20:41,759 --> 00:20:49,200 configure the VTY lines. The most important one is\xa0\n 196 00:20:49,200 --> 00:20:55,519 then you can do any other VTY line configurations\xa0\n 197 00:20:56,480 --> 00:21:04,319 And that’s it, SSH should be working. From a\xa0\n 198 00:21:04,960 --> 00:21:12,880 followed by the username and IP address, or SSH\xa0\n 199 00:21:12,880 --> 00:21:20,160 practice lab. And make sure you do the practice\xa0\n 200 00:21:20,160 --> 00:21:24,000 But you need to know how to configure\xa0\n 201 00:21:26,240 --> 00:21:31,039 Here’s a summary of the new commands in this\xa0\n 202 00:21:31,039 --> 00:21:35,039 to do some labbing in packet tracer\xa0\n 203 00:21:36,000 --> 00:21:43,440 Unlike Syslog and SNMP, SSH configuration is\xa0\n 204 00:21:43,440 --> 00:21:47,360 purpose of any of these commands,\xa0\n 205 00:21:48,039 --> 00:21:50,960 SLIDE15\nBefore the quiz, here’s a review\xa0\xa0 206 00:21:50,960 --> 00:21:58,240 of what we covered. First, console port security.\xa0\n 207 00:21:58,240 --> 00:22:04,640 console port can access the CLI of the device. So,\xa0\n 208 00:22:05,839 --> 00:22:09,519 Then I introduced the concept of\xa0\n 209 00:22:10,640 --> 00:22:15,600 Layer 2 switches can’t route packets, but\xa0\n 210 00:22:15,599 --> 00:22:22,000 traffic on an SVI, allowing them to respond\xa0\n 211 00:22:23,200 --> 00:22:27,920 Then I introduced Telnet, a protocol that\xa0\n 212 00:22:28,960 --> 00:22:34,720 However, Telnet is old and not secure,\xa0\n 213 00:22:34,720 --> 00:22:38,079 Secure Shell instead when we\xa0\n 214 00:22:39,359 --> 00:22:42,959 Make sure to watch until the end of the\xa0\n 215 00:22:42,960 --> 00:22:49,600 Boson Software’s ExSim, the best practice exams\xa0\n 216 00:22:51,680 --> 00:22:58,240 You issue the crypto key generate rsa command on\xa0\n 217 00:22:58,240 --> 00:23:08,000 of the following might be the cause? Select two.\xa0\n 218 00:23:08,000 --> 00:23:14,160 The answers are A, a host name hasn’t been\xa0\n 219 00:23:14,160 --> 00:23:21,840 configured. The FQDN, fully qualified domain name,\xa0\n 220 00:23:22,640 --> 00:23:29,080 The FQDN consists of the device’s host name\xa0\n 221 00:23:29,079 --> 00:23:35,359 name of Router cannot be used, a host name must be\xa0\n 222 00:23:38,160 --> 00:23:42,880 Which of the following commands would allow\xa0\n 223 00:23:42,880 --> 00:23:47,760 the VTY lines of a device? (select two,\xa0\n 224 00:23:48,799 --> 00:23:50,960 Pause the video now to think about your answers. 225 00:23:55,839 --> 00:24:02,159 The answers are C, TRANSPORT INPUT\xa0\n 226 00:24:03,359 --> 00:24:10,159 C will allow Telnet and SSH, whereas D will\xa0\n 227 00:24:10,160 --> 00:24:18,160 there are protocols outside of Telnet and SSH that\xa0\n 228 00:24:18,160 --> 00:24:25,440 real command, and B, TRANSPORT INPUT NONE, would\xa0\n 229 00:24:28,000 --> 00:24:36,079 You want to allow only 192.168.1.1 to connect to\xa0\n 230 00:24:36,079 --> 00:24:40,319 fulfills that requirement? Pause the\xa0\n 231 00:24:44,400 --> 00:24:52,640 The answer is B. SSH uses TCP port 22. You must\xa0\n 232 00:24:52,640 --> 00:24:59,200 ACCESS-CLASS command to apply it to the VTY\xa0\n 233 00:24:59,200 --> 00:25:02,960 so it is the correct answer.\xa0\nOkay, let’s go to question 4. 234 00:25:05,359 --> 00:25:08,959 Which of the following statements\xa0\n 235 00:25:09,680 --> 00:25:13,840 Pause the video now to think about the answers. 236 00:25:16,240 --> 00:25:24,880 The answers are B, K9 IOS images support SSH, and\xa0\n 237 00:25:24,880 --> 00:25:35,840 for SSHv2. RSA keys are required to enable SSH, so\xa0\n 238 00:25:35,839 --> 00:25:42,639 SSH version, it is used to refer to a device that\xa0\n 239 00:25:44,079 --> 00:25:52,879 SSH does not send data in plain text, it encrypts\xa0\n 240 00:25:52,880 --> 00:25:59,760 do not support cryptographic features like SSH,\xa0\n 241 00:26:01,920 --> 00:26:10,160 A network admin using PC1 is remotely configuring\xa0\n 242 00:26:10,160 --> 00:26:15,519 What is the role of SW1 in this situation?\xa0\n 243 00:26:20,079 --> 00:26:27,599 The answer is B, SSH server. SSH and Telnet use\xa0\n 244 00:26:27,599 --> 00:26:33,919 connected to, SW1 in this case, is the server,\xa0\n 245 00:26:33,920 --> 00:26:38,960 PC1 in this case, is the client.\xa0\n 246 00:26:38,960 --> 00:26:43,360 Now let’s do a bonus practice question\xa0\n 247 00:26:46,160 --> 00:26:51,680 Okay here's today's Boson ExSim practice\xa0\n 248 00:26:51,680 --> 00:26:58,480 incoming VTY connections on a router with the\xa0\n 249 00:26:58,480 --> 00:27:03,039 image but has not yet been configured\xa0\n 250 00:27:03,920 --> 00:27:10,480 In addition, the VTY lines are not yet configured\xa0\n 251 00:27:10,480 --> 00:27:15,759 CRYPTO KEY GENERATE RSA command from global\xa0\n 252 00:27:15,759 --> 00:27:21,440 will you most likely receive? Select the\xa0\n 253 00:27:22,319 --> 00:27:26,399 Please pause the video now, check out the\xa0\n 254 00:27:31,279 --> 00:27:36,720 Okay, let's check. So the important information\xa0\n 255 00:27:36,720 --> 00:27:44,799 is Router1. It does have a K9 IOS image, so that\xa0\n 256 00:27:44,799 --> 00:27:51,359 with a domain name or an RSA key pair. So no\xa0\n 257 00:27:51,359 --> 00:28:00,479 likely receive? The name for the keys will be,\xa0\n 258 00:28:00,480 --> 00:28:06,240 as I said, the name for the key pair is\xa0\n 259 00:28:06,240 --> 00:28:11,599 which requires a host name and a domain name.\xa0\n 260 00:28:13,519 --> 00:28:19,440 B, please define a domain-name first. I think\xa0\n 261 00:28:19,440 --> 00:28:25,440 said you need a host name and a domain name. It\xa0\n 262 00:28:25,440 --> 00:28:32,160 but no domain name yet. C, please create RSA keys\xa0\n 263 00:28:32,160 --> 00:28:36,480 do there, so I don't think that message will\xa0\n 264 00:28:36,480 --> 00:28:43,440 than Router. It already has a non-default host\xa0\n 265 00:28:43,440 --> 00:28:49,680 not need SSH version 2 to create the RSA key\xa0\n 266 00:28:51,200 --> 00:28:57,840 And yes it is. So here is Boson's explanation.\xa0\n 267 00:29:01,759 --> 00:29:06,960 And here's the rest. There are some references\xa0\n 268 00:29:07,519 --> 00:29:12,400 as well as some Cisco documentation\xa0\n 269 00:29:16,319 --> 00:29:21,599 Okay, so that's Boson ExSim for CCNA. These are\xa0\n 270 00:29:21,599 --> 00:29:27,359 CCNA, as well as CCNP and many other\xa0\n 271 00:29:27,359 --> 00:29:29,439 please follow the link in the video description. 272 00:29:32,640 --> 00:29:35,040 There are supplementary materials for this video.\xa0\xa0 273 00:29:35,839 --> 00:29:38,720 There is a flashcard deck to\xa0\n 274 00:29:39,359 --> 00:29:43,359 There will also be a packet tracer practice\xa0\n 275 00:29:44,000 --> 00:29:49,440 That will be in the next video. Sign up for my\xa0\n 276 00:29:49,440 --> 00:29:53,840 and I’ll send you all of the flashcards\xa0\n 277 00:29:56,079 --> 00:30:00,319 Before finishing today’s video I want\xa0\n 278 00:30:01,119 --> 00:30:07,599 To join, please click the ‘Join’ button under the\xa0\n 279 00:30:07,599 --> 00:30:14,639 Brandon, Samil, Aaron, Marcel, Kone, Donald, C\xa0\n 280 00:30:14,640 --> 00:30:20,160 Tshepiso, Justin, Prakaash, Nasir, Erlison,\xa0\n 281 00:30:20,160 --> 00:30:25,840 Funnydart, Velvijaykum, Mark, Yousif, Boson\xa0\n 282 00:30:27,039 --> 00:30:32,319 Sorry if I pronounced your name incorrectly,\xa0\n 283 00:30:32,319 --> 00:30:39,200 is the list of JCNP-level members at the time\xa0\n 284 00:30:39,200 --> 00:30:44,080 you signed up recently and your name isn’t on\xa0\n 285 00:30:45,680 --> 00:30:48,799 Thank you for watching. Please\xa0\n 286 00:30:48,799 --> 00:30:53,519 like the video, leave a comment, and share the\xa0\n 287 00:30:54,559 --> 00:31:00,159 If you want to leave a tip, check the links in the\xa0\n 288 00:31:00,160 --> 00:31:06,800 and accept BAT, or Basic Attention Token, tips\xa0\n 24794