Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,720 --> 00:00:07,120
Welcome to Jeremy’s IT Lab. This is a free,\xa0\n
2
00:00:07,120 --> 00:00:12,560
videos, please subscribe to follow along with the\xa0\n
3
00:00:12,560 --> 00:00:16,399
and share the video to help spread this\xa0\n
4
00:00:17,839 --> 00:00:25,039
In this video we will cover SSH, Secure Shell.\xa0\n
5
00:00:25,039 --> 00:00:30,799
and configure them via the CLI. One option\xa0\n
6
00:00:30,800 --> 00:00:36,799
via the console port, which I introduced in an\xa0\n
7
00:00:36,799 --> 00:00:41,039
you to connect to a device remotely, without\xa0\n
8
00:00:42,479 --> 00:00:47,599
SSH is exam topic 4.8, which says you\xa0\n
9
00:00:47,600 --> 00:00:53,359
for remote access using SSH. I won’t\xa0\n
10
00:00:53,359 --> 00:00:57,840
I will take the opportunity to\xa0\n
11
00:00:59,200 --> 00:01:04,799
Here’s what we’ll cover in this video.\xa0\n
12
00:01:04,799 --> 00:01:08,959
last video about Syslog I mentioned\xa0\n
13
00:01:09,599 --> 00:01:14,239
So, I want to take the opportunity to explain\xa0\n
14
00:01:14,239 --> 00:01:19,839
make it more secure. Then I’ll explain the\xa0\n
15
00:01:20,879 --> 00:01:25,439
Layer 2 switches don’t route packets and\xa0\n
16
00:01:25,439 --> 00:01:31,039
can configure a management IP address on them so\xa0\n
17
00:01:32,319 --> 00:01:37,439
Then I will introduce Telnet, which is a\xa0\n
18
00:01:37,439 --> 00:01:44,239
and less-secure. Finally, the main topic of\xa0\n
19
00:01:44,239 --> 00:01:49,679
but the first few topics shouldn’t take too long\xa0\n
20
00:01:49,680 --> 00:01:55,360
a bonus practice question from Boson Software’s\xa0\n
21
00:01:57,280 --> 00:02:03,280
First, console port security. By default,\xa0\n
22
00:02:03,280 --> 00:02:09,360
a Cisco IOS device via the console port.\xa0\n
23
00:02:09,360 --> 00:02:14,240
use a console cable to connect your laptop to\xa0\n
24
00:02:15,439 --> 00:02:20,240
However, you can configure a password on the\xa0\n
25
00:02:20,240 --> 00:02:25,920
configure all settings related to console port\xa0\n
26
00:02:25,919 --> 00:02:32,239
enter a password to access the CLI via the console\xa0\n
27
00:02:32,240 --> 00:02:37,439
configure the console line, use the command\xa0\n
28
00:02:38,400 --> 00:02:43,760
There is only a single console line, so the\xa0\n
29
00:02:43,759 --> 00:02:49,120
only a single console line? It means there can\xa0\n
30
00:02:49,759 --> 00:02:54,319
You can’t have multiple people configuring the\xa0\n
31
00:02:54,319 --> 00:03:01,439
ports. Only one user can connect at a time. Then\xa0\n
32
00:03:02,639 --> 00:03:06,959
But configuring a password isn’t enough,\xa0\n
33
00:03:06,960 --> 00:03:12,400
tells the device to require a user to enter the\xa0\n
34
00:03:13,439 --> 00:03:19,439
That’s it, now a password will be required\xa0\n
35
00:03:19,439 --> 00:03:26,079
I used END and EXIT to terminate the console\xa0\n
36
00:03:26,080 --> 00:03:33,360
and I was asked for a password. I entered the\xa0\n
37
00:03:33,360 --> 00:03:38,320
that the password isn’t displayed as you type it,\xa0\n
38
00:03:40,080 --> 00:03:44,640
Alternatively, you can configure the console\xa0\n
39
00:03:44,639 --> 00:03:49,439
of the configured usernames on the device.\xa0\n
40
00:03:49,439 --> 00:03:54,560
in which we configured a specific password\xa0\n
41
00:03:54,560 --> 00:04:01,360
configurations. First, I created a username,\xa0\n
42
00:04:02,479 --> 00:04:08,799
I once again used LINE CONSOLE 0 to configure\xa0\n
43
00:04:08,800 --> 00:04:14,640
LOCAL. This tells the device to require a user\xa0\n
44
00:04:14,639 --> 00:04:20,079
on the device. So, instead of logging in using\xa0\n
45
00:04:20,639 --> 00:04:25,839
the user will have to use a username and\xa0\n
46
00:04:25,839 --> 00:04:32,000
configuration of R1’s console line. Notice that\xa0\n
47
00:04:32,000 --> 00:04:38,480
is still there, however I changed the login mode\xa0\n
48
00:04:38,480 --> 00:04:44,560
password of ccna can no longer be used. The\xa0\n
49
00:04:45,600 --> 00:04:50,800
So, I logged out of the connection pressed\xa0\n
50
00:04:50,800 --> 00:04:56,319
username and password, not just a password.\xa0\n
51
00:04:56,959 --> 00:05:02,719
That is the EXEC-TIMEOUT command. This will cause\xa0\n
52
00:05:02,720 --> 00:05:09,440
period of inactivity, 3 minutes and 30 seconds\xa0\n
53
00:05:09,439 --> 00:05:13,120
in case you leave your desk but forget\xa0\n
54
00:05:15,199 --> 00:05:20,479
Okay, that’s all for console line security. Now\xa0\n
55
00:05:21,600 --> 00:05:27,280
Routers and Layer 3 switches have IP addresses you\xa0\n
56
00:05:27,279 --> 00:05:33,119
but what about Layer 2 switches? Layer 2 switches\xa0\n
57
00:05:33,120 --> 00:05:39,040
routing table. They aren’t IP routing aware. Their\xa0\n
58
00:05:39,040 --> 00:05:45,439
as you already know. However, you can actually\xa0\n
59
00:05:45,439 --> 00:05:51,839
interface, to allow remote connections to the CLI\xa0\n
60
00:05:52,959 --> 00:05:59,039
For the rest of this video, I’ll use this\xa0\n
61
00:05:59,040 --> 00:06:03,280
and needs to be able to connect to all of the\xa0\n
62
00:06:03,279 --> 00:06:10,639
having to travel to different offices. To allow\xa0\n
63
00:06:10,639 --> 00:06:17,360
here’s how you can configure it. First, configure\xa0\n
64
00:06:17,360 --> 00:06:26,160
multilayer switch. INTERFACE VLAN, followed by the\xa0\n
65
00:06:26,160 --> 00:06:32,880
enable the interface if its shutdown by default.\xa0\n
66
00:06:32,879 --> 00:06:38,560
more step you need to configure to allow a Layer\xa0\n
67
00:06:38,560 --> 00:06:45,280
its local LAN. Use the IP DEFAULT-GATEWAY command\xa0\n
68
00:06:46,720 --> 00:06:52,240
PC2 isn’t in the same LAN, so SW1 can’t\xa0\n
69
00:06:53,199 --> 00:06:57,599
It has to send the traffic to a router, which\xa0\n
70
00:06:58,639 --> 00:07:03,199
It’s like configuring a default route, however\xa0\n
71
00:07:03,759 --> 00:07:07,120
so you have to use this command to\xa0\n
72
00:07:08,560 --> 00:07:12,399
Okay, that’s all the configuration needed\xa0\n
73
00:07:13,279 --> 00:07:17,039
To demonstrate Telnet and SSH,\xa0\n
74
00:07:19,439 --> 00:07:25,120
First up, Telnet. It’s not commonly used today\xa0\n
75
00:07:25,120 --> 00:07:33,040
before looking at SSH. Telnet, teletype network,\xa0\n
76
00:07:33,040 --> 00:07:38,879
a remote host. So instead of plugging your PC\xa0\n
77
00:07:39,439 --> 00:07:45,279
you can connect to the device on a remote\xa0\n
78
00:07:45,279 --> 00:07:51,359
a very old protocol. It has been largely, almost\xa0\n
79
00:07:52,240 --> 00:07:57,840
However SSH was developed in 1995,\xa0\n
80
00:07:58,720 --> 00:08:04,160
Telnet sends data in plain text, no\xa0\n
81
00:08:04,160 --> 00:08:10,160
like Wireshark to capture the traffic, they can\xa0\n
82
00:08:11,040 --> 00:08:17,520
Up top is a Telnet packet sent from R1, inside\xa0\n
83
00:08:17,519 --> 00:08:24,479
the CLI displays when trying to login. I entered\xa0\n
84
00:08:25,600 --> 00:08:32,560
But the password is displayed in plain text,\xa0\n
85
00:08:32,559 --> 00:08:36,879
who is able to capture the traffic like I did\xa0\n
86
00:08:36,879 --> 00:08:42,720
between my device and R1. The username, the\xa0\n
87
00:08:43,679 --> 00:08:47,919
That is definitely not secure, and\xa0\n
88
00:08:49,279 --> 00:08:55,600
Before moving on to Telnet configuration, I want\xa0\n
89
00:08:55,600 --> 00:09:01,680
that’s the device being connected to, R1 in this\xa0\n
90
00:09:01,679 --> 00:09:10,239
23. So, when my device sent the password to R1,\xa0\n
91
00:09:10,240 --> 00:09:15,519
make sure you remember that port number. And\xa0\n
92
00:09:15,519 --> 00:09:21,840
that is connecting, and as I just said the Telnet\xa0\n
93
00:09:23,360 --> 00:09:26,960
Here’s how to configure a device so that\xa0\n
94
00:09:28,320 --> 00:09:32,720
First, you should always configure an enable\xa0\n
95
00:09:33,440 --> 00:09:38,320
You won’t be able to access privileged exec mode\xa0\n
96
00:09:38,320 --> 00:09:45,120
isn’t configured. I also configured a username and\xa0\n
97
00:09:45,120 --> 00:09:50,879
mode. This isn’t necessary, but you can configure\xa0\n
98
00:09:50,879 --> 00:10:01,039
VTY lines of the device. And then use the command\xa0\n
99
00:10:01,039 --> 00:10:07,439
on the VTY lines. There are 16 lines available,\xa0\n
100
00:10:08,960 --> 00:10:17,840
LINE VTY 0 15 means you are configuring all lines,\xa0\n
101
00:10:17,840 --> 00:10:24,240
the VTY lines have the same configuration.\xa0\n
102
00:10:26,080 --> 00:10:32,400
Okay, first I configured LOGIN LOCAL as well as\xa0\n
103
00:10:32,399 --> 00:10:37,679
depends on the device. In this case it was\xa0\n
104
00:10:39,039 --> 00:10:42,240
Okay, next I used the command\xa0\n
105
00:10:43,120 --> 00:10:46,960
This is how you configure what kind of\xa0\n
106
00:10:47,840 --> 00:10:53,840
TRANSPORT INPUT TELNET allows only Telnet\xa0\n
107
00:10:53,840 --> 00:11:00,560
INPUT SSH to allow only SSH connections, or\xa0\n
108
00:11:02,000 --> 00:11:07,360
TRANSPORT INPUT ALL allows all connections,\xa0\n
109
00:11:07,360 --> 00:11:13,840
and SSH. Or, you can configure TRANSPORT INPUT\xa0\n
110
00:11:15,039 --> 00:11:20,639
The device I’m using for this demo defaults to\xa0\n
111
00:11:20,639 --> 00:11:29,439
default to TRANSPORT INPUT ALL. Finally, I applied\xa0\n
112
00:11:29,440 --> 00:11:35,840
will be able to connect to SW1 using Telnet. Note\xa0\n
113
00:11:36,559 --> 00:11:43,679
other devices will still be able to communicate\xa0\n
114
00:11:43,679 --> 00:11:49,839
although the command to apply the ACL to the VTY\xa0\n
115
00:11:49,840 --> 00:11:56,320
ACL to an interface is IP ACCESS-GROUP. And\xa0\n
116
00:11:56,320 --> 00:12:02,879
ACCESS-LIST or IP ACCESS-LIST. Try not\xa0\n
117
00:12:03,440 --> 00:12:07,440
IP ACCESS-GROUP, and\xa0\nACCESS-LIST or IP ACCESS-LIST.
118
00:12:08,720 --> 00:12:15,600
To verify the configuration, I first tried to ping\xa0\n
119
00:12:15,600 --> 00:12:21,200
when I tried to telnet to SW1, I got a message\xa0\n
120
00:12:22,000 --> 00:12:28,399
That’s because of the ACL I applied to SW1’s VTY\xa0\n
121
00:12:29,519 --> 00:12:35,120
So, I did Telnet from PC2, and it worked. Now,\xa0\n
122
00:12:36,240 --> 00:12:40,480
Notice how the VTY line configurations are\xa0\n
123
00:12:41,440 --> 00:12:45,200
The first 5 lines are displayed\xa0\n
124
00:12:46,159 --> 00:12:52,799
I believe this is just a result of the fact that\xa0\n
125
00:12:52,799 --> 00:12:56,719
even if you configure all 16 lines at\xa0\n
126
00:12:56,720 --> 00:13:02,399
config. That’s just a bit of trivia, it doesn’t\xa0\n
127
00:13:03,519 --> 00:13:08,480
So, that was a quick look at Telnet. Finally\xa0\n
128
00:13:10,159 --> 00:13:16,559
SSH, which stands for Secure Shell, was developed\xa0\n
129
00:13:16,559 --> 00:13:22,159
Telnet. By the way, if you’re wondering what\xa0\n
130
00:13:23,440 --> 00:13:28,960
A shell is a computer program which exposes the\xa0\n
131
00:13:28,960 --> 00:13:38,080
other program. So, any time you’re accessing the\xa0\n
132
00:13:38,080 --> 00:13:46,000
revision of SSHv1, was released in 2006. Version\xa0\n
133
00:13:46,000 --> 00:13:53,120
possible. If a device supports both version 1\xa0\n
134
00:13:54,159 --> 00:14:01,039
Note that 1.99 isn’t actually a version of SSH, it\xa0\n
135
00:14:01,039 --> 00:14:07,679
and version 2. SSH provides security features\xa0\n
136
00:14:08,639 --> 00:14:11,840
You’ll learn more about those terms\xa0\n
137
00:14:12,879 --> 00:14:17,840
But for example, here’s an SSH packet\xa0\n
138
00:14:17,840 --> 00:14:22,000
the encrypted packet section, it’s just\xa0\n
139
00:14:22,960 --> 00:14:28,879
Only the SSH server and client have the keys to\xa0\n
140
00:14:28,879 --> 00:14:35,039
the packet on the way to its destination, I\xa0\n
141
00:14:35,039 --> 00:14:43,839
SSH uses TCP port 22. So, remember that\xa0\n
142
00:14:45,600 --> 00:14:50,399
Before configuring SSH, you should make sure that\xa0\n
143
00:14:51,200 --> 00:14:57,520
I used the SHOW VERSION command, and here’s\xa0\n
144
00:14:57,519 --> 00:15:06,399
that I highlighted. IOS images that support SSH\xa0\n
145
00:15:06,399 --> 00:15:11,840
No Payload Encryption, IOS images to countries\xa0\n
146
00:15:12,879 --> 00:15:18,879
And those NPE IOS images do not support\xa0\n
147
00:15:18,879 --> 00:15:23,120
of encryption might be supported, but I would\xa0\n
148
00:15:23,120 --> 00:15:30,960
unfortunately I don’t have access to any NPE IOS\xa0\n
149
00:15:31,840 --> 00:15:38,080
If your device doesn’t support SSH, it will\xa0\n
150
00:15:38,080 --> 00:15:46,000
but disabled. Notice the version is 1.99,\xa0\n
151
00:15:46,000 --> 00:15:52,559
here’s a hint about the first step in configuring\xa0\n
152
00:15:53,679 --> 00:15:59,439
RSA keys are cryptographic keys that are essential\xa0\n
153
00:16:00,960 --> 00:16:06,720
Okay, so after ensuring that the IOS image you’re\xa0\n
154
00:16:06,720 --> 00:16:13,759
keys. The keys are used for data encryption and\xa0\n
155
00:16:13,759 --> 00:16:20,639
do that. First, I configured the domain name\xa0\n
156
00:16:21,679 --> 00:16:27,279
The reason for this is that the FQDN of\xa0\n
157
00:16:28,399 --> 00:16:34,639
By the way, FQDN means Fully Qualified Domain\xa0\n
158
00:16:34,639 --> 00:16:43,519
name. Then I generated the RSA keys. The command\xa0\n
159
00:16:43,519 --> 00:16:51,679
name the keys, SW1.jeremysitlab.com, which\xa0\n
160
00:16:51,679 --> 00:16:58,479
the size of the modulus, the size of the keys. I\xa0\n
161
00:16:59,840 --> 00:17:05,440
Note that you can just use the command CRYPTO KEY\xa0\n
162
00:17:05,440 --> 00:17:09,519
without having to specify it separately\xa0\n
163
00:17:11,119 --> 00:17:17,679
Note that the length must be 768 bits or greater\xa0\n
164
00:17:17,680 --> 00:17:23,039
that length. Greater key lengths are more\xa0\n
165
00:17:24,319 --> 00:17:28,079
After the keys are generated,\xa0\n
166
00:17:28,079 --> 00:17:36,000
indicating that SSH has been enabled. I check SHOW\xa0\n
167
00:17:38,480 --> 00:17:44,559
Now that SSH is enabled, let’s configure it. The\xa0\n
168
00:17:44,559 --> 00:17:51,919
so let’s do a clean configuration of SSH. First,\xa0\n
169
00:17:51,920 --> 00:17:59,440
a username, and an ACL to restrict connections\xa0\n
170
00:17:59,440 --> 00:18:04,640
VERSION 2. This is optional, but recommended\xa0\n
171
00:18:05,920 --> 00:18:12,800
Then once again, use the command LINE VTY\xa0\n
172
00:18:12,799 --> 00:18:20,240
like when configuring Telnet. Then enable local\xa0\n
173
00:18:20,240 --> 00:18:27,279
SSH, only LOGIN LOCAL works, a username is needed.\xa0\n
174
00:18:27,279 --> 00:18:33,680
server, but that’s a topic for another video.\xa0\n
175
00:18:33,680 --> 00:18:39,039
I configured the exec timeout again. This is\xa0\n
176
00:18:39,039 --> 00:18:43,359
default exec timeout, but you can use this\xa0\n
177
00:18:44,480 --> 00:18:52,400
Then I used TRANSPORT INPUT SSH. Best practice\xa0\n
178
00:18:52,400 --> 00:18:57,360
disabling Telnet because it’s less\xa0\n
179
00:18:58,400 --> 00:19:03,519
Just like for Telnet this is optional, but it\xa0\n
180
00:19:05,039 --> 00:19:11,039
Okay, let me summarize the SSH configuration\xa0\n
181
00:19:11,680 --> 00:19:16,560
I didn’t mention this previously because I had\xa0\n
182
00:19:16,559 --> 00:19:24,159
cannot generate its RSA keys without a non-default\xa0\n
183
00:19:24,160 --> 00:19:30,720
the default host name I tried the CRYPTO KEY\xa0\n
184
00:19:30,720 --> 00:19:36,799
please define a hostname other than router. So\xa0\n
185
00:19:36,799 --> 00:19:43,200
key pair again. However I haven’t defined a domain\xa0\n
186
00:19:44,079 --> 00:19:51,119
And that’s the next step in SSH configuration,\xa0\n
187
00:19:51,119 --> 00:19:58,319
IP DOMAIN NAME jeremysitlab.com. Then I try to\xa0\n
188
00:19:59,279 --> 00:20:04,240
So, remember that. To generate the RSA key\xa0\n
189
00:20:04,240 --> 00:20:10,319
and the domain name first. Actually, you can\xa0\n
190
00:20:10,319 --> 00:20:16,480
for the CCNA you just have to know this method.\xa0\n
191
00:20:17,519 --> 00:20:21,359
Then the next step is to configure an\xa0\n
192
00:20:21,359 --> 00:20:27,679
password combination. The order of this step\xa0\n
193
00:20:27,680 --> 00:20:34,560
configuration step, but make sure they are\xa0\n
194
00:20:35,359 --> 00:20:41,759
This isn’t necessary, but it is best practice\xa0\n
195
00:20:41,759 --> 00:20:49,200
configure the VTY lines. The most important one is\xa0\n
196
00:20:49,200 --> 00:20:55,519
then you can do any other VTY line configurations\xa0\n
197
00:20:56,480 --> 00:21:04,319
And that’s it, SSH should be working. From a\xa0\n
198
00:21:04,960 --> 00:21:12,880
followed by the username and IP address, or SSH\xa0\n
199
00:21:12,880 --> 00:21:20,160
practice lab. And make sure you do the practice\xa0\n
200
00:21:20,160 --> 00:21:24,000
But you need to know how to configure\xa0\n
201
00:21:26,240 --> 00:21:31,039
Here’s a summary of the new commands in this\xa0\n
202
00:21:31,039 --> 00:21:35,039
to do some labbing in packet tracer\xa0\n
203
00:21:36,000 --> 00:21:43,440
Unlike Syslog and SNMP, SSH configuration is\xa0\n
204
00:21:43,440 --> 00:21:47,360
purpose of any of these commands,\xa0\n
205
00:21:48,039 --> 00:21:50,960
SLIDE15\nBefore the quiz, here’s a review\xa0\xa0
206
00:21:50,960 --> 00:21:58,240
of what we covered. First, console port security.\xa0\n
207
00:21:58,240 --> 00:22:04,640
console port can access the CLI of the device. So,\xa0\n
208
00:22:05,839 --> 00:22:09,519
Then I introduced the concept of\xa0\n
209
00:22:10,640 --> 00:22:15,600
Layer 2 switches can’t route packets, but\xa0\n
210
00:22:15,599 --> 00:22:22,000
traffic on an SVI, allowing them to respond\xa0\n
211
00:22:23,200 --> 00:22:27,920
Then I introduced Telnet, a protocol that\xa0\n
212
00:22:28,960 --> 00:22:34,720
However, Telnet is old and not secure,\xa0\n
213
00:22:34,720 --> 00:22:38,079
Secure Shell instead when we\xa0\n
214
00:22:39,359 --> 00:22:42,959
Make sure to watch until the end of the\xa0\n
215
00:22:42,960 --> 00:22:49,600
Boson Software’s ExSim, the best practice exams\xa0\n
216
00:22:51,680 --> 00:22:58,240
You issue the crypto key generate rsa command on\xa0\n
217
00:22:58,240 --> 00:23:08,000
of the following might be the cause? Select two.\xa0\n
218
00:23:08,000 --> 00:23:14,160
The answers are A, a host name hasn’t been\xa0\n
219
00:23:14,160 --> 00:23:21,840
configured. The FQDN, fully qualified domain name,\xa0\n
220
00:23:22,640 --> 00:23:29,080
The FQDN consists of the device’s host name\xa0\n
221
00:23:29,079 --> 00:23:35,359
name of Router cannot be used, a host name must be\xa0\n
222
00:23:38,160 --> 00:23:42,880
Which of the following commands would allow\xa0\n
223
00:23:42,880 --> 00:23:47,760
the VTY lines of a device? (select two,\xa0\n
224
00:23:48,799 --> 00:23:50,960
Pause the video now to think about your answers.
225
00:23:55,839 --> 00:24:02,159
The answers are C, TRANSPORT INPUT\xa0\n
226
00:24:03,359 --> 00:24:10,159
C will allow Telnet and SSH, whereas D will\xa0\n
227
00:24:10,160 --> 00:24:18,160
there are protocols outside of Telnet and SSH that\xa0\n
228
00:24:18,160 --> 00:24:25,440
real command, and B, TRANSPORT INPUT NONE, would\xa0\n
229
00:24:28,000 --> 00:24:36,079
You want to allow only 192.168.1.1 to connect to\xa0\n
230
00:24:36,079 --> 00:24:40,319
fulfills that requirement? Pause the\xa0\n
231
00:24:44,400 --> 00:24:52,640
The answer is B. SSH uses TCP port 22. You must\xa0\n
232
00:24:52,640 --> 00:24:59,200
ACCESS-CLASS command to apply it to the VTY\xa0\n
233
00:24:59,200 --> 00:25:02,960
so it is the correct answer.\xa0\nOkay, let’s go to question 4.
234
00:25:05,359 --> 00:25:08,959
Which of the following statements\xa0\n
235
00:25:09,680 --> 00:25:13,840
Pause the video now to think about the answers.
236
00:25:16,240 --> 00:25:24,880
The answers are B, K9 IOS images support SSH, and\xa0\n
237
00:25:24,880 --> 00:25:35,840
for SSHv2. RSA keys are required to enable SSH, so\xa0\n
238
00:25:35,839 --> 00:25:42,639
SSH version, it is used to refer to a device that\xa0\n
239
00:25:44,079 --> 00:25:52,879
SSH does not send data in plain text, it encrypts\xa0\n
240
00:25:52,880 --> 00:25:59,760
do not support cryptographic features like SSH,\xa0\n
241
00:26:01,920 --> 00:26:10,160
A network admin using PC1 is remotely configuring\xa0\n
242
00:26:10,160 --> 00:26:15,519
What is the role of SW1 in this situation?\xa0\n
243
00:26:20,079 --> 00:26:27,599
The answer is B, SSH server. SSH and Telnet use\xa0\n
244
00:26:27,599 --> 00:26:33,919
connected to, SW1 in this case, is the server,\xa0\n
245
00:26:33,920 --> 00:26:38,960
PC1 in this case, is the client.\xa0\n
246
00:26:38,960 --> 00:26:43,360
Now let’s do a bonus practice question\xa0\n
247
00:26:46,160 --> 00:26:51,680
Okay here's today's Boson ExSim practice\xa0\n
248
00:26:51,680 --> 00:26:58,480
incoming VTY connections on a router with the\xa0\n
249
00:26:58,480 --> 00:27:03,039
image but has not yet been configured\xa0\n
250
00:27:03,920 --> 00:27:10,480
In addition, the VTY lines are not yet configured\xa0\n
251
00:27:10,480 --> 00:27:15,759
CRYPTO KEY GENERATE RSA command from global\xa0\n
252
00:27:15,759 --> 00:27:21,440
will you most likely receive? Select the\xa0\n
253
00:27:22,319 --> 00:27:26,399
Please pause the video now, check out the\xa0\n
254
00:27:31,279 --> 00:27:36,720
Okay, let's check. So the important information\xa0\n
255
00:27:36,720 --> 00:27:44,799
is Router1. It does have a K9 IOS image, so that\xa0\n
256
00:27:44,799 --> 00:27:51,359
with a domain name or an RSA key pair. So no\xa0\n
257
00:27:51,359 --> 00:28:00,479
likely receive? The name for the keys will be,\xa0\n
258
00:28:00,480 --> 00:28:06,240
as I said, the name for the key pair is\xa0\n
259
00:28:06,240 --> 00:28:11,599
which requires a host name and a domain name.\xa0\n
260
00:28:13,519 --> 00:28:19,440
B, please define a domain-name first. I think\xa0\n
261
00:28:19,440 --> 00:28:25,440
said you need a host name and a domain name. It\xa0\n
262
00:28:25,440 --> 00:28:32,160
but no domain name yet. C, please create RSA keys\xa0\n
263
00:28:32,160 --> 00:28:36,480
do there, so I don't think that message will\xa0\n
264
00:28:36,480 --> 00:28:43,440
than Router. It already has a non-default host\xa0\n
265
00:28:43,440 --> 00:28:49,680
not need SSH version 2 to create the RSA key\xa0\n
266
00:28:51,200 --> 00:28:57,840
And yes it is. So here is Boson's explanation.\xa0\n
267
00:29:01,759 --> 00:29:06,960
And here's the rest. There are some references\xa0\n
268
00:29:07,519 --> 00:29:12,400
as well as some Cisco documentation\xa0\n
269
00:29:16,319 --> 00:29:21,599
Okay, so that's Boson ExSim for CCNA. These are\xa0\n
270
00:29:21,599 --> 00:29:27,359
CCNA, as well as CCNP and many other\xa0\n
271
00:29:27,359 --> 00:29:29,439
please follow the link in the video description.
272
00:29:32,640 --> 00:29:35,040
There are supplementary materials for this video.\xa0\xa0
273
00:29:35,839 --> 00:29:38,720
There is a flashcard deck to\xa0\n
274
00:29:39,359 --> 00:29:43,359
There will also be a packet tracer practice\xa0\n
275
00:29:44,000 --> 00:29:49,440
That will be in the next video. Sign up for my\xa0\n
276
00:29:49,440 --> 00:29:53,840
and I’ll send you all of the flashcards\xa0\n
277
00:29:56,079 --> 00:30:00,319
Before finishing today’s video I want\xa0\n
278
00:30:01,119 --> 00:30:07,599
To join, please click the ‘Join’ button under the\xa0\n
279
00:30:07,599 --> 00:30:14,639
Brandon, Samil, Aaron, Marcel, Kone, Donald, C\xa0\n
280
00:30:14,640 --> 00:30:20,160
Tshepiso, Justin, Prakaash, Nasir, Erlison,\xa0\n
281
00:30:20,160 --> 00:30:25,840
Funnydart, Velvijaykum, Mark, Yousif, Boson\xa0\n
282
00:30:27,039 --> 00:30:32,319
Sorry if I pronounced your name incorrectly,\xa0\n
283
00:30:32,319 --> 00:30:39,200
is the list of JCNP-level members at the time\xa0\n
284
00:30:39,200 --> 00:30:44,080
you signed up recently and your name isn’t on\xa0\n
285
00:30:45,680 --> 00:30:48,799
Thank you for watching. Please\xa0\n
286
00:30:48,799 --> 00:30:53,519
like the video, leave a comment, and share the\xa0\n
287
00:30:54,559 --> 00:31:00,159
If you want to leave a tip, check the links in the\xa0\n
288
00:31:00,160 --> 00:31:06,800
and accept BAT, or Basic Attention Token, tips\xa0\n
24794
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.