Cisco Networking: Telnet and SSH Connections
Communicating with your Cisco network devices via Telnet or SSH is considered connecting remotely. This type of connection is typically required because you deploy your configured devices to locations where you cannot be directly connected via a console cable.
For years, Telnet has been the industry standard. Telnet gives you terminal access to your devices over an IP network. This functionality has been built into every router and managed switch sold for decades, but Telnet has one little problem: it is not all that secure.
Telnet passes all its traffic over the network in clear text, so anyone between you and the device on the network can use a packet-capture program to capture the entire conversation. This includes all the passwords and logon credentials you use during the session.
Secure Shell (SSH)
SSH has been around for more than 15 years and has been widely used in Unix and Linux operating systems since 2000. SSH has seen its share of deficiencies and has been improved from version 1 to version 2.
Even with these issues, SSH is a far better choice for remote access than Telnet because all communication is encrypted using a public/private key pair (standard for encrypting data such as SSL data). This protection is not limited to terminal access: SSH can also provide encryption for port forwarding, SFTP (Secure File Transfer Protocol), and Secure Copy Protocol (SCP).
Making an SSH connection is similar to making a Telnet connection from an end-user standpoint. PuTTY handles both types of connections.
The following steps explain how to make an SSH connection, which starts by launching PuTTY. Fill in the PuTTY Configuration dialog as shown in the following illustration:
1. Fill in the IP address of the Cisco device you are connecting to in the Host Name (or IP address) field.
2. Select SSH so that the connection is made over SSH.
3. In the Saved Sessions text box, fill in a name under which to save the connection settings, and then click the Save button.
4. Click the Open button to establish the initial connection.
This closes the PuTTY Configuration window and opens a command window with your connection to the Cisco device.
SSH version 2 allows you to perform interactive keyboard authentication, which is explained in this example, or to use certificate-based authentication.
When you make your initial connection to any SSH device, you are asked to verify its public security key, as shown in the following figure. This key is used as a safety device. With PuTTY, if that key ever changes, you are prompted, and you should question whether it should have changed or whether someone is trying to break into your Cisco device.
If your key ever changes but you did not authorize it, you may want to cancel the connection and find out why the key is different. For instance, someone could have tried to capture data on your network or spoof your Cisco device’s IP address.
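The host key comparison described above can be reproduced outside the SSH client, for example to audit recorded device keys. The following Python sketch is an added example, not part of the original article and not PuTTY's code: it computes a fingerprint in the SHA256 format that OpenSSH displays and compares it with the one pinned for the device. The function names, the address 192.0.2.10, the one-key-per-device pin store and the key blobs are all constructed for illustration.

```python
import base64
import hashlib
import struct

def constructed_key(key_type, body):
    """Constructed stand-in for a public key: length-prefixed type + body, base64."""
    name = key_type.encode("ascii")
    return base64.b64encode(struct.pack(">I", len(name)) + name + body).decode()

def key_type_of(blob):
    """Read the length-prefixed algorithm name that starts an SSH key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")

def fingerprint(key_b64):
    """Return (key type, 'SHA256:<base64 digest with padding stripped>')."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return key_type_of(blob), "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(pinned, host, key_b64):
    """Compare the key a device presents with the fingerprint pinned for it."""
    presented = fingerprint(key_b64)
    if host not in pinned:
        return "new"        # first contact: verify out of band, then pin
    if pinned[host] == presented:
        return "match"      # same key as before: proceed
    return "changed"        # do not connect until the change is explained

def demo():
    """Walk one device (constructed address and keys) through all three outcomes."""
    host = "192.0.2.10"
    original = constructed_key("ssh-rsa", b"\x01" * 64)
    unexpected = constructed_key("ssh-rsa", b"\x02" * 64)
    pinned = {}
    first = check_host_key(pinned, host, original)
    pinned[host] = fingerprint(original)    # operator accepted the key
    second = check_host_key(pinned, host, original)
    third = check_host_key(pinned, host, unexpected)
    return [first, second, third]

if __name__ == "__main__":
    print(demo())
```

A "changed" result corresponds to the PuTTY prompt described above: stop, and confirm through another channel whether the device's key was legitimately regenerated.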