Refer to the exhibit. Which two commands must be configured on router R1 to enable the router to accept secure remote-access connections? (Choose two.)
Ans is correct. Watch the below given video for the reference -
https://www.oreilly.com/content/how-do-i-configure-a-cisco-router-for-secure-remote-access-using-ssh/
The correct answers are:
A. ip ssh pubkey-chain
C. crypto key generate rsa
These two commands are required to enable secure remote-access connections on router R1.
Option A (ip ssh pubkey-chain) enables SSH connections using public key authentication, which is a more secure method compared to password-based authentication.
Option C (crypto key generate rsa) generates an RSA key pair that is used for encryption and authentication purposes when establishing secure connections, such as SSH.
The other options are not directly related to enabling secure remote-access connections:
B. username cisco password 0 cisco - This command creates a local user account with the username "cisco" and a plaintext password. However, it does not enable secure remote-access connections.
D. transport input telnet - This command allows telnet access to the router, but telnet is not a secure protocol.
E. login console - This command enables console line authentication, but it is not specific to remote-access connections or providing security for them.
A & C are correct
ip ssh pubkey-chain: This command configures SSH public key authentication, providing a more secure method of authentication compared to password-based authentication.
ip ssh pubkey-chain
Example:
host1(config)# ip ssh pubkey-chain
Configures SSH-RSA keys for user and server authentication on the SSH server and enters public-key configuration mode.
a is complete
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-e/sec-usr-ssh-15-e-book/sec-secure-shell-v2.html
Configuring the Cisco SSH Server to Perform RSA-Based User Authentication
point 6
Option B, "username cisco password 0 cisco," is incorrect because it creates a local user account with a password, but it does not enable remote access. Insead option A "ip ssh pubkey-chain" command is used to configure the SSH public key authentication method on a Cisco device. It allows users to authenticate using their public keys instead of passwords, enhancing security and convenience.
Regarding answer B, can passwords have spaces?? wouldn't the password be "0 cisco"?? Correct me if I'm wrong, but aren't spaces disallowed as a password requirement?
Spaces are allowed characters. I have had many engineers fat-fingered passwords in the past. The rule of thumb is never copy and paste a password or if you are going to do this copy and paste the password do it to notead to remove any additional characters.
This is a document by NSA, I found it really helpful:
https://media.defense.gov/2022/Feb/17/2002940795/-1/-1/1/CSI_CISCO_PASSWORD_TYPES_BEST_PRACTICES_20220217.PDF
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mantest
Highly Voted 2 years, 1 month agoStingVN
Highly Voted 1 year, 1 month ago[Removed]
Most Recent 3 months, 1 week ago[Removed]
8 months, 4 weeks ago[Removed]
8 months, 4 weeks agoYinxs
10 months, 2 weeks ago[Removed]
6 months, 2 weeks agoVikramaditya_J
11 months agoEallam
12 months agoDARKK
2 years, 1 month agoMurphy2022
1 year, 9 months agoguisam
1 year, 6 months agoNetworknovice
2 years, 1 month agopicho707
7 months, 1 week agoiGlitch
2 years, 1 month agosplashy
1 year, 9 months ago