Two conditions must be met before SSH can operate normally on a Cisco IOS switch:
The Cisco IOS image used must be a k9 (crypto) image in order to support SSH.
"!--- Step 2: Configure the DNS domain of the router."
You'll get this message if you try to generate an RSA key and don't define a domain name first:
SW1(config)#crypto key generate rsa general-keys modulus 1024
% Please define a domain-name first.
B. Configure the version of SSH.
Explanation:
To generate an RSA key for SSH on a router, you need to configure the version of SSH. This involves specifying the desired version of SSH to be used on the router, such as SSH version 1 or SSH version 2. The specific commands to configure the SSH version may vary depending on the router's operating system.
The other options are not directly related to generating an RSA key for SSH:
A. Configuring VTY (Virtual Terminal) access is unrelated to generating an RSA key for SSH. VTY access controls remote management access to a router using protocols such as Telnet or SSH.
C. Assigning a DNS domain name is not directly related to generating an RSA key for SSH. DNS (Domain Name System) is used for domain name resolution and mapping domain names to IP addresses.
D. Creating a user with a password is unrelated to generating an RSA key for SSH. User creation and password assignment are part of configuring user authentication and authorization on a router, but not specifically related to SSH key generation.
- The Cisco IOS image used must be a k9 (crypto) image to support SSH.
- The hostname must be different from the default one
- Define domain-name of the DNS
B. Configure VTY access.
Tested on Packet Tracer + also shown in the CBT Nuggets CCNA course
The ip ssh rsa keypair-name command enables an SSH connection using the Rivest, Shamir, and Adleman (RSA) keys that you have configured.
Previously, SSH was linked to the first RSA keys that were generated (that is, SSH was enabled when the first RSA key pair was generated). This behavior still exists, but by using the ip ssh rsa keypair-name command, you can overcome this behavior.
If you configure the ip ssh rsa keypair-name command with a key pair name, SSH is enabled if the key pair exists or SSH will be enabled if the key pair is generated later.
If you use this command to enable SSH, you are not forced to configure a hostname and a domain name, which was required in SSH Version 1 of the Cisco software.
Ref: https://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/sec-usr-ssh/sec-usr-ssh-xe-3-13s-asr-920-book/m_sec-secure-shell-v2.html#GUID-B3B3CEE9-5113-4B40-B070-C21F82C8779C
I am guessing the "DNS domain name" is referring to step 4 below.
Configuring a Device for SSH Version 2 Using a Hostname and Domain Name
SUMMARY STEPS
1. enable
2. configure terminal
3. hostname name
4. ip domain-name name
5. crypto key generate rsa
6. ip ssh [time-out seconds | authentication-retries integer]
7. ip ssh version [1 | 2]
8. exit
From: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-v2.html
upvoted 11 times
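The prerequisites discussed in this thread (a non-default hostname plus a domain name, or a named key pair via ip ssh rsa keypair-name) can be checked against a saved running-config. The following is an added example, not code from the thread or from Cisco; the function name, the sample configs, the default hostnames Router and Switch, and the acceptance of the "ip domain name" spelling are assumptions.

```python
import re

# Assumption: factory-default hostnames on IOS routers and switches.
DEFAULT_HOSTNAMES = {"Router", "Switch"}

PATTERNS = {
    "hostname": r"hostname (\S+)",
    "domain": r"ip domain[- ]name (\S+)",  # hyphenated and spaced spellings
    "keypair": r"ip ssh rsa keypair-name (\S+)",
    "ssh_version": r"ip ssh version ([12])",
}

def audit_ssh_prereqs(running_config):
    """Check a running-config for the SSH prerequisites discussed in the thread."""
    seen = dict.fromkeys(PATTERNS)
    for raw in running_config.splitlines():
        for key, pattern in PATTERNS.items():
            m = re.fullmatch(pattern, raw.strip())
            if m:
                seen[key] = m.group(1)
    findings = []
    if seen["keypair"] is None:
        # Without a named key pair, key generation needs hostname + domain name.
        if seen["hostname"] is None or seen["hostname"] in DEFAULT_HOSTNAMES:
            findings.append("hostname is still the default")
        if seen["domain"] is None:
            findings.append("no ip domain-name defined")
    prereqs_met = not findings
    # Reported separately: it does not block key generation.
    if seen["ssh_version"] != "2":
        findings.append("SSH version 2 is not enforced")
    return {"prereqs_met": prereqs_met, "findings": findings, **seen}

# Constructed sample configs (not taken from any real device).
BARE = "hostname Switch\n!\nline vty 0 4\n transport input ssh\n"
NAMED = "hostname SW1\nip domain-name example.com\nip ssh version 2\n"
KEYPAIR = "hostname Router\nip ssh rsa keypair-name sshkeys\n"

if __name__ == "__main__":
    for name, cfg in (("BARE", BARE), ("NAMED", NAMED), ("KEYPAIR", KEYPAIR)):
        print(name, audit_ssh_prereqs(cfg))
```

The k9 (crypto) image requirement is not visible in the running-config, so it has to be confirmed separately from the image name.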