I decided to put up my own networking lab for my studies. I grabbed a deal at a local online classified ads website and got a set of routers and switches for a reasonable price. Because I spend most of my time in the office, I realized I need to have a remote access to my Cisco home lab whenever and wherever I am. This can be done by dedicating one of my Cisco routers to function as an access server and connecting into it using reverse SSH. To complete this task, I went to Amazon and ordered a Cisco NM-32A and an octal cable.
I had two options – Reverse Telnet or Reverse SSH. For uniformity and security, I use SSH to connect to all the devices I manage. With the multiple security issues present in Telnet, I would recommend using Reverse SSH if the hardware / resources permits. Though you may think that it is only a practice lab, I say it would be best to practice as if you were handling a production environment rather than to work on live as if you were on a lab.
Configuring Reverse SSH is fairly easy. Below is the overview of what needs to be done:
- Change the default hostname of the device
- Set the ip domain-name
- Generate crypto keys
- Configure different port for each line TTY using rotary groups
The first two steps we need to do is to set the devices
hostname and the
domain-name. Without one of the two, or by leaving the hostname at the default, we would not be able to generate our crypto key which is the main ingredient for SSH to work.
Enter configuration commands, one per line. End with CNTL/Z.
Access-Server(config)#ip domain-name rootcommand.com
Access-Server(config)#crypto key generate rsa
The name for the keys will be: Access-Server.rootcommand.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus : 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
Let’s proceed to the next page for the excerpt of my current running-config.