300-410 Question #57: Real Exam Question with Answer & Explanation

The correct answer is A: crypto key generate rsa. To enable SSH on a Cisco device, an RSA cryptographic key pair must first be generated. SSH relies on these keys for secure encryption and authentication, and without them, the SSH server cannot operate.

Infrastructure Security

Question

Refer to the exhibit. An engineer is trying to connect to a device with SSH but cannot connect. The engineer connects by using the console and find the displayed output when troubleshooting. Which command must be used in configuration mode to enable SSH on the device?

Options

Acrypto key generate rsa
Bip ssh enable
Cno ip ssh disable
Dip ssh version 2

Explanation

To enable SSH on a Cisco device, an RSA cryptographic key pair must first be generated. SSH relies on these keys for secure encryption and authentication, and without them, the SSH server cannot operate.

Common mistakes.

B. There is no ip ssh enable command in Cisco IOS; SSH functionality is implicitly enabled once an RSA key is generated and VTY lines are configured for SSH access.
C. The command no ip ssh disable is syntactically incorrect; SSH is not managed by a simple enable/disable command in this manner.
D. ip ssh version 2 configures the device to use SSH protocol version 2, but it does not generate the necessary cryptographic keys to enable SSH functionality in the first place.

Concept tested. SSH Configuration Prerequisites

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-secure-shell/configuration/15-mt/sec-ssh-15-mt-book/sec-config-ssh.html

Topics

#SSH#Security#Remote Access

Community Discussion

No community discussion yet for this question.

Full 300-410 Practice Browse All 300-410 Questions