This tutorial covers how to configure SSH on a Cisco router or switch. SSH (Secure Shell) encrypts the data that is sent from the terminal application to the device, making it far safer than Telnet, which sends the data in plain text.
To add support for SSH to a Cisco router or switch, the device needs more information than just passwords. It needs a username and password, which can be configured on an AAA (Authentication, Authorization and Accounting) server or locally on the device. This tutorial focuses on locally configured usernames and passwords.
To set up SSH you need to configure the following information. For the purpose of this tutorial, the username will be ciscoskills and the password will be cisco.
- The first step is to change the vty lines on the device (router/switch); depending on the device, you may have more vty lines. Enter login local at the (config-line)# prompt. This command makes the device check its local database for usernames and passwords.
- The next step depends on whether you still want to allow Telnet connections to the device (router/switch). To allow both, enter transport input telnet ssh at the (config-line)# prompt. If you only want SSH connections, enter transport input ssh instead.
- You must configure at least one username and password on the device (router/switch). In global configuration mode (config)#, the command for this example is username ciscoskills password cisco.
- You must also configure a DNS domain name; for this example the domain will be ciscoskills.net. In global configuration mode (config)#, the command is ip domain-name ciscoskills.net.
- The final step is to generate a key pair. In global configuration mode (config)#, enter crypto key generate rsa. When asked how many bits to use in the modulus, Cisco documentation favors 1024. The more bits you have, the longer the key and the harder it is to crack. The default is 512.
The commands above look like this when entered on the device:
```
Router_or_Switch#
Router_or_Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router_or_Switch(config)#line vty 0 4
Router_or_Switch(config-line)#login local
Router_or_Switch(config-line)#transport input telnet ssh
Router_or_Switch(config-line)#exit
Router_or_Switch(config)#username ciscoskills password cisco
Router_or_Switch(config)#ip domain-name ciscoskills.net
Router_or_Switch(config)#crypto key generate rsa
The name for the keys will be: Router_or_Switch.ciscoskills.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus : 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Router_or_Switch(config)#exit
*Mar 1 0:4:8.988: %SSH-5-ENABLED: SSH 1.99 has been enabled
%SYS-5-CONFIG_I: Configured from console by console
```
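To confirm that a saved configuration actually carries the settings from the steps above, the following added example (not part of the original tutorial) audits a running-config for the domain name, a local username, and `login local` plus the `transport input` choice on every vty range. The config excerpt is constructed for illustration and the function names `vty_blocks` and `audit_ssh` are hypothetical; the check also treats `transport input all` as accepting Telnet and accepts the `ip domain name` spelling, which goes slightly beyond the single case shown in the tutorial.

```python
import re

# Constructed running-config excerpt (not from the page): the tutorial's
# commands on vty 0 4, plus a second vty range that was never updated.
SAMPLE_CONFIG = """\
ip domain-name ciscoskills.net
username ciscoskills password 0 cisco
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login
 transport input ssh
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw[len("line "):].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        elif raw.strip():
            current = None  # any other top-level line closes the block
    return blocks

def audit_ssh(config):
    """Return findings for the settings the tutorial's steps configure."""
    findings = []
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("global: no ip domain-name set")
    if not re.search(r"^username \S+ .*\b(password|secret)\b", config, re.M):
        findings.append("global: no local username for 'login local'")
    for name, cmds in vty_blocks(config).items():
        if "login local" not in cmds:
            findings.append(f"{name}: 'login local' missing")
        protos = next((c.split()[2:] for c in cmds
                       if c.startswith("transport input")), None)
        if protos is None:
            findings.append(f"{name}: no explicit 'transport input'")
        elif "telnet" in protos or "all" in protos:
            findings.append(f"{name}: telnet still accepted")
        elif "ssh" not in protos:
            findings.append(f"{name}: ssh not permitted")
    return findings
```

Calling `audit_ssh(SAMPLE_CONFIG)` reports that vty 0 4 still accepts Telnet and that vty 5 15 lacks `login local`; an empty list means every vty range is SSH-only with local login.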
That’s it! This guide is meant for Cisco labs, but you would follow the same steps to set up an SSH connection within a production network. If you would like more information, a simple web search will work, and you can find more documentation at Cisco.com. I hope this information was helpful. If you have suggestions or comments, let me hear them!