Refer to the exhibit. Which two commands must be configured on router R1 to enable the router to accept secure remote-access connections? (Choose two.)
Ans is correct. Watch the below given video for the reference -
https://www.oreilly.com/content/how-do-i-configure-a-cisco-router-for-secure-remote-access-using-ssh/
The correct answers are:
A. ip ssh pubkey-chain
C. crypto key generate rsa
These two commands are required to enable secure remote-access connections on router R1.
Option A (ip ssh pubkey-chain) enables SSH connections using public key authentication, which is a more secure method compared to password-based authentication.
Option C (crypto key generate rsa) generates an RSA key pair that is used for encryption and authentication purposes when establishing secure connections, such as SSH.
The other options are not directly related to enabling secure remote-access connections:
B. username cisco password 0 cisco - This command creates a local user account with the username "cisco" and a plaintext password. However, it does not enable secure remote-access connections.
D. transport input telnet - This command allows telnet access to the router, but telnet is not a secure protocol.
E. login console - This command enables console line authentication, but it is not specific to remote-access connections or providing security for them.
I think they have asked two things to enable and secure the Remote connection.
A. ip ssh pubkey-chain - This is used for SSH key-based authentication, but it’s not required just to enable SSH.
B. username cisco password 0 cisco To enable remote connect it is required to create username and password
C. crypto key generate rsa - This is to secure connection through encryption
A & C are correct
ip ssh pubkey-chain: This command configures SSH public key authentication, providing a more secure method of authentication compared to password-based authentication.
ip ssh pubkey-chain
Example:
host1(config)# ip ssh pubkey-chain
Configures SSH-RSA keys for user and server authentication on the SSH server and enters public-key configuration mode.
a is complete
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-e/sec-usr-ssh-15-e-book/sec-secure-shell-v2.html
Configuring the Cisco SSH Server to Perform RSA-Based User Authentication
point 6
Option B, "username cisco password 0 cisco," is incorrect because it creates a local user account with a password, but it does not enable remote access. Insead option A "ip ssh pubkey-chain" command is used to configure the SSH public key authentication method on a Cisco device. It allows users to authenticate using their public keys instead of passwords, enhancing security and convenience.
Regarding answer B, can passwords have spaces?? wouldn't the password be "0 cisco"?? Correct me if I'm wrong, but aren't spaces disallowed as a password requirement?
spaces are allowed and are valid password characters, therefore if you set a password with a space in it, you will have to type it the same. But in this situation, the "0" is only to mention an unencrypted password string, so there is no problem with that. The real problem though is that, for security purposes, it is recommended to use an encrypted password and not a clear text password, therefore use "secret" and not "password", which is the only reason this question is not true; Otherwise, the correct answers would be "B and C"
Spaces are allowed characters. I have had many engineers fat-fingered passwords in the past. The rule of thumb is never copy and paste a password or if you are going to do this copy and paste the password do it to notead to remove any additional characters.
This is a document by NSA, I found it really helpful:
https://media.defense.gov/2022/Feb/17/2002940795/-1/-1/1/CSI_CISCO_PASSWORD_TYPES_BEST_PRACTICES_20220217.PDF
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mantest
Highly Voted 2 years, 3 months agoStingVN
Highly Voted 1 year, 3 months agoriteshm42
Most Recent 1 week, 2 days ago[Removed]
5 months, 2 weeks ago[Removed]
11 months, 1 week ago[Removed]
11 months, 1 week agoYinxs
1 year ago[Removed]
8 months, 3 weeks agoVikramaditya_J
1 year, 1 month agoEallam
1 year, 2 months agoDARKK
2 years, 3 months agoMurphy2022
1 year, 11 months agoguisam
1 year, 9 months agoNetworknovice
2 years, 3 months agotiingabatana
1 month, 2 weeks agopicho707
9 months, 2 weeks agoiGlitch
2 years, 3 months agosplashy
1 year, 11 months ago