How to Configure SSH on Cisco Router and Switch
In the post below I covered how to enable Telnet on a Cisco router:
http://www.mytricks.in/2011/08/how-to-enable-telnet-on-cisco-router.html
Now I am going to show how to enable SSH on a Cisco router, as Telnet is not secure for remote administration of Cisco switches and routers. In Telnet, data, including the user password, is sent in clear text. So SSH is used for remote administration of Cisco routers, switches and ASA firewalls.
Nowadays all Cisco devices are supplied with the SSH feature by default. To use SSH on Cisco devices you need a Cisco IOS version that supports SSH. So let's get started.
Check whether SSH is enabled on your Cisco router/switch:
Router# show ip ssh
%SSH has not been enabled
To enable SSH, follow the steps below:
1. Configure the Hostname on the Cisco Switch or Router
Router(config)# hostname router
2. Configure the Domain name
Router(config)# ip domain-name www.mytricks.in
3. Generate an RSA key pair
Router(config)# crypto key generate rsa
This command enables SSH on the Cisco switch/router.
4. Set the SSH negotiation phase timeout interval (in seconds)
Router(config)# ip ssh time-out 60
This makes the Cisco router/switch wait 60 seconds before timing out the client during the SSH negotiation phase.
5. Set the maximum number of authentication retries
Router(config)# ip ssh authentication-retries 2
6. To change the default port for SSH (default is 22)
Router(config)# ip ssh port 22
7. Now disable Telnet access to the switch. This can be done by configuring SSH as the only transport protocol.
Router(config)# line vty 0 15
Router(config-line)# transport input ssh
Now only SSH can be used to connect to the Cisco routers/switches remotely.
8. Save changes to the startup-config
Router# wr mem
9. To check SSH status:
Router# show ip ssh
SSH Enabled – version 1.5
Authentication timeout: 60 secs; Authentication retries: 2
10. To view SSH connections
Router# show ssh
Connection Version Encryption State Username
1.5 3DES Session Started guest
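The Python script below is an added example, not part of the original post: it checks a saved running-config and "show ip ssh" output against the steps above (hostname, domain name, SSH-only vty lines) and flags the reported SSH version. The sample text and the function names audit_config and audit_show_ip_ssh are constructed for illustration; the version check relies on IOS reporting 1.5 for SSHv1 only, 1.99 for SSHv1 and v2, and 2.0 for SSHv2 only.

```python
import re

# Constructed sample input (not captured from a real device).
SAMPLE_CONFIG = """\
hostname router
ip domain-name example.net
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""
SAMPLE_SHOW_IP_SSH = """\
SSH Enabled - version 1.5
Authentication timeout: 60 secs; Authentication retries: 2
"""

def audit_config(config):
    """Return findings for the SSH steps above, given running-config text."""
    findings = []
    if not re.search(r"^hostname \S+", config, re.M):
        findings.append("no hostname configured")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no domain name configured")
    # Each vty block is a header line followed by indented sub-commands.
    for m in re.finditer(r"^line vty (\d+(?: \d+)?)\n((?:[ \t]+.*\n?)*)", config, re.M):
        vty, body = m.group(1), m.group(2)
        t = re.search(r"^\s+transport input (.+)$", body, re.M)
        protocols = t.group(1).split() if t else []
        if protocols != ["ssh"]:
            findings.append(f"line vty {vty}: transport input is "
                            f"{' '.join(protocols) or 'not set'}, expected ssh only")
    return findings

def audit_show_ip_ssh(output):
    """Return findings for 'show ip ssh' output."""
    m = re.search(r"SSH Enabled\s*\S\s*version (\d+\.\d+)", output)
    if not m:
        return ["SSH server is not enabled"]
    # Anything other than 2.0 means the server still negotiates SSHv1.
    if m.group(1) != "2.0":
        return [f"SSH version {m.group(1)} still accepts SSHv1; set 'ip ssh version 2'"]
    return []
```

On the constructed sample, the second vty range is reported because it still permits Telnet, and the version 1.5 line is reported because the server is offering SSHv1.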
Note: If you want to disable SSH on the Cisco router:
Router(config)# crypto key zeroize rsa
This deletes the RSA key-pair. Once you delete the RSA key-pair, it disables the SSH server.
Then change the transport mode to Telnet:
Router(config)# line vty 0 15
Router(config-line)# transport input telnet