How to configure SSH on Cisco switch or Router
Configuring SSH on Cisco switch:
SSH is a protocol that provides a secure, remote connection to a device. SSH provides
more security for remote connections than Telnet does by providing strong encryption
when a device is authenticated. This software release supports SSH Version 1 (SSHv1)
and SSH Version 2 (SSHv2).
Follow these guidelines when configuring the switch as an SSH server or SSH client:
1 An RSA key pair generated by an SSHv1 server can be used by an SSHv2 server, and
2 If the SSH server is running on a stack master and the stack master fails, the new stack
master uses the RSA key pair generated by the previous stack master.
3 If you get CLI error messages after entering the crypto key generate rsa global
configuration command, an RSA key pair has not been generated. Reconfigure the
hostname and domain, and then enter the crypto key generate rsa command. For more
information, see the "Setting Up the Switch to Run SSH" section.
4 When generating the RSA key pair, the message No host name specified might appear.
If it does, you must configure a hostname by using the hostname global configuration
5 When generating the RSA key pair, the message No domain specified might appear. If
it does, you must configure an IP domain name by using the ip domain-name global
6 When configuring the local authentication and authorization authentication method,
make sure that AAA is disabled on the console.
The configuration steps:
1. Setup Management IP
First, make sure you have performed basic network configurations on your switch. For
example, assign default gateway, assign management ip-address, etc. If this is already
done, skip to the next step.
In the following example, the management ip address is set as 192.168.101.2 in the 101
VLAN. The default gateway points to the firewall, which is 192.168.101.1
(config)# ip default-gateway 192.168.101.1
(config)# interface vlan 101
(config-if)# ip address 192.168.101.2 255.255.255.0
2. Set hostname and domain-name
Next, make sure the switch has a hostname and domain-name set properly.
# config t
(config)# hostname myswitch
(config)# ip domain-name thegeekstuff.com
3. Generate the RSA Keys
The switch or router should have RSA keys that it will use during the SSH process. So,
generate these using crypto command as shown below.
myswitch(config)# crypto key generate rsa
The name for the keys will be: myswitch.thegeekstuff.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
Also, if you are running an older Cisco IOS image, it is highly recommended that you
upgrade to the latest Cisco IOS.
4. Setup the Line VTY configurations
Set up the following line vty configuration parameters, where input transport is set to SSH.
Set the login to local, and password to 7.
(config)# line vty 0 4
(config-line)# transport input ssh
(config-line)# login local
(config-line)# password 7
If you have not set the console line yet, set it to the following values.
(config)# line console 0
(config-line)# logging synchronous
(config-line)# login local
5. Create the username password
If you don’t have a username created already, create one as shown below.
myswitch# config t
Enter configuration commands, one per line. End with CNTL/Z.
myswitch(config)# username ramesh password mypassword
Note: If you don’t have the enable password set up properly, do it now.
myswitch(config)# enable secret myenablepassword
Make sure the password-encryption service is turned on, which will encrypt the
password, and when you do “sh run”, you’ll see only the encrypted password and not
myswitch(config)# service password-encryption
6. Verify SSH access
From the switch, if you do ‘sh ip ssh’, it will confirm that the SSH is enabled on this cisco
myswitch# sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
After the above configurations, login from a remote machine to verify that you can ssh to
this cisco switch.
In this example, 192.168.101.2 is the management ip-address of the switch.
remote-machine# ssh 192.168.101.2
login as: ramesh
Using keyboard-interactive authentication.
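As an added example (not part of the original article and not Cisco tooling), this Python script checks a saved running-config against steps 2 to 5 above and reports each vty range that is not SSH-only. The sample config, the placeholder hash, and the parse and audit function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the article); the hash is a placeholder.
SAMPLE = """\
hostname myswitch
ip domain-name thegeekstuff.com
enable secret 5 <hash-placeholder>
username ramesh password 0 mypassword
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def parse(config):
    """Split IOS config text into top-level lines and per-'line vty' sub-commands."""
    top, vty, current = [], {}, None
    for raw in filter(str.strip, config.splitlines()):   # skip blank lines
        line = raw.strip()
        if raw[0] == " ":                  # indented sub-command of the current block
            if current in vty:
                vty[current].append(line)
        elif line != "!":                  # "!" is only a separator
            current = line
            top.append(line)
            if line.startswith("line vty"):
                vty[line] = []
    return top, vty

def audit(config):
    """Return findings for the settings that steps 2-5 of this page configure."""
    top, vty = parse(config)
    required = {                           # regex -> finding reported if absent
        r"hostname \S+": "hostname not set (step 2)",
        r"ip domain-name \S+": "ip domain-name not set (step 2)",
        r"username \S+ (password|secret) ": "no local user for 'login local' (step 5)",
        r"enable secret ": "enable secret not set (step 5)",
        r"service password-encryption$": "service password-encryption is off (step 5)",
    }
    findings = [msg for pat, msg in required.items()
                if not any(re.match(pat, l) for l in top)]
    for header, cmds in vty.items():       # step 4: every vty range, not only 0 4
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: transport input is not SSH-only")
        if "login local" not in cmds:
            findings.append(f"{header}: 'login local' missing")
    return findings
```

Calling audit(SAMPLE) flags the missing password-encryption service and the second vty range (5 15), which still accepts Telnet and does not use local login even though vty 0 4 was configured as in step 4.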
It is referred from: http://www.thegeekstuff.com/2013/08/enable-ssh-cisco/