SSH should replace Telnet for management connections. Telnet uses insecure plain text communications. SSH provides security for remote connections by providing strong encryption of all transmitted data between devices. In this activity, you will secure a remote switch with password encryption and SSH.

a. Using the command prompt on PC1, Telnet to S1. The user EXEC and privileged EXEC password is cisco.

Step 1: Double Click on the PC1, then choose Desktop > Command Prompt.

Step 2: In the "Command Prompt", we can use the command "telnet 10.10.10.2" to connect to the Switch (S1). The user and privileged password is "cisco".

b. Save the current configuration so that any mistakes you might make can be reversed by toggling the power for S1.

Step 1: To save the configuration, we need to the "copy running-config startup-config".

c. Show the current configuration and note that the passwords are in plain text. 

Step 1: To show the current configuration in the Switch (S1), we use "show running-config". As you can see, there is a config of user password is in the plain text.

Step 2: We can use this command to encrypts plain text passwords "service password-encryption".

d. Verify that the passwords are encrypted.

Hint: We can use "show running-config" to check the password is encrypted or not.

Step 1: Set the IP domain name and generate secure keys.

It is generally not safe to use Telnet, because data is transferred in plain text. Therefore, use SSH whenever it is available.

a. Configure the domain name to be netacad.pka.

Answer: We need to use "ip domain-name netacad.pka" command to set the domain name on the Switch (S1).

b. Secure keys are needed to encrypt the data. Generate the RSA keys using a 1024 key length.

Answer: We need to use "crypto key generate rsa" command to generate a RSA key with 1024 length.

Step 2: Create an SSH user and reconfigure the VTY lines for SSH-only access.

a. Create an administrator user with cisco as the secret password.

Answer: To set the "administrator" user and password as "cisco", we need the command "username administrator secret cisco".

b. Configure the VTY lines to check the local username database for login credentials and to only allow SSH for remote access. Remove the existing vty line password.

To explain the command in this part, Let's break them down:

1. "line vty 0 15"

- This command enters configuration mode for VTY lines (virtual terminal lines).

- 0 15 means it applies to all 16 VTY lines (0 to 15), allowing up to 16 remote connections.

2. "transport input ssh"

- Restricts remote access to only SSH (disables Telnet for security).

- Ensures encrypted communication.

3. "login local"

- Requires users to authenticate using locally configured usernames and passwords (instead of a global password).

4. "no password cisco"

- This command is incorrect because login local already forces username/password authentication.

- no password cisco is used to remove a pre-set password (if any) from the VTY lines.

Step 3: Verify SSH Implementation

a. Exit the Telnet session and attempt to log back in using Telnet. The attempt should fail.

b. Attempt to log in using SSH. Type ssh and press Enter without any parameters to reveal the command usage instructions. Hint: The -l option is the letter “L”, not the number 1.

Answer: To connect the Switch (S1) using SSH, we need to this command "ssh -l administrator 10.10.10.2". Then, it will required you to input the password that we had set. (Password: cisco)

c. Upon successful login, enter privileged EXEC mode and save the configuration. If you were unable to successfully access S1, toggle the power and begin again at Part 1.

Answer: Use "copy running-config startup-config" to save the configuration.

By completing this task, you have successfully configured SSH on a Cisco switch in Packet Tracer. This ensures secure remote access by encrypting communication and requiring user authentication. Disabling Telnet further enhances security by preventing unencrypted access. Proper SSH configuration is a crucial step in network security and best practices for managing Cisco devices remotely.