A network administrator must configure SSH for remote access to router R1
The requirement is to use a public and private key pair to encrypt management traffic to and from the connecting client.
Which configuration, when applied, meets the requirements?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The correct answer is B. R1#enable R1#configure terminal R1(config)#ip domain-name cisco.com R1(config)#crypto key generate ec keysize 2048.
Explanation:
Secure Shell (SSH) is a protocol used for securely accessing network devices remotely. It is designed to replace Telnet and other insecure protocols. SSH uses encryption to protect the management traffic that travels between the client and the server.
To configure SSH on a router or switch, you must first generate a public-private key pair. The private key is stored on the device, and the public key is sent to the client. When the client connects to the device, it uses the public key to encrypt the traffic, and the device uses the private key to decrypt it. This ensures that the traffic cannot be intercepted and read by an attacker.
Option A: R1#enable R1#configure terminal R1(config)#ip domain-name cisco.com R1(config)#crypto key generate ec keysize 1024
This command generates an Elliptic Curve (EC) key pair with a key size of 1024 bits. While this is a valid command for generating a key pair, it does not meet the requirements of the question, as it uses a smaller key size.
Option B: R1#enable R1#configure terminal R1(config)#ip domain-name cisco.com R1(config)#crypto key generate ec keysize 2048
This command generates an EC key pair with a key size of 2048 bits, which is a larger key size and provides stronger encryption than option A. This option meets the requirements of the question.
Option C: R1#enable R1#configure terminal R1(config)#ip domain-name cisco.com R1(config)#crypto key encrypt rsa name myKey
This command encrypts an existing RSA key with a password. It does not generate a new key pair, and it does not meet the requirements of the question.
Option D: R1#enable R1#configure terminal R1(config)#ip domain-name cisco.com R1(config)#crypto key generate rsa modulus 1024
This command generates an RSA key pair with a key size of 1024 bits. While this is a valid command for generating a key pair, it does not meet the requirements of the question, as it uses a smaller key size.
In conclusion, the correct answer is B. R1#enable R1#configure terminal R1(config)#ip domain-name cisco.com R1(config)#crypto key generate ec keysize 2048.