How to configure ssh on cisco switch or router


Published on

Leading Cisco networking products
How to configure ssh on cisco switch or router

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

How to configure ssh on cisco switch or router

  1. 1. How to configure SSH on Cisco switch or Router Configuring SSH on Cisco switch: SSH is a protocol that provides a secure, remote connection to a device. SSH provides more security for remote connections than Telnet does by providing strong encryption when a device is authenticated. This software release supports SSH Version 1 (SSHv1) and SSH Version 2 (SSHv2). Configuration Guidelines Follow these guidelines when configuring the switch as an SSH server or SSH client: 1 An RSA key pair generated by a SSHv1 server can be used by an SSHv2 server, and the reverse. 2 If the SSH server is running on a stack master and the stack master fails, the new stack master uses the RSA key pair generated by the previous stack master. 3 If you get CLI error messages after entering the crypto key generate rsa global configuration command, an RSA key pair has not been generated. Reconfigure the hostname and domain, and then enter the crypto key generate rsa command. For more information, see the "Setting Up the Switch to Run SSH" section. 4 When generating the RSA key pair, the message No host name specified might appear. If it does, you must configure a hostname by using the hostname global configuration command. 5 When generating the RSA key pair, the message No domain specified might appear. If it does, you must configure an IP domain name by using the ip domain-name global configuration command. 6 When configuring the local authentication and authorization authentication method, make sure that AAA is disabled on the console. The configuration steps: 1. Setup Management IP First, make sure you have performed basic network configurations on your switch. For example, assign default gateway, assign management ip-address, etc. If this is already done, skip to the next step. In the following example, the management ip address is set as in the 101 VLAN. The default gateway points to the firewall, which is # ip default-gateway 1
  2. 2. # interface vlan 101 (config-if)# ip address 2. Set hostname and domain-name Next, make sure the switch has a hostname and domain-name set properly. # config t (config)# hostname myswitch (config)# ip domain-name 3. Generate the RSA Keys The switch or router should have RSA keys that it will use during the SSH process. So, generate these using crypto command as shown below. myswitch(config)# crypto key generate rsa The name for the keys will be: Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. Also, if you are running on an older Cisco IOS image, it is highly recommended that you upgrade to latest Cisco IOS. 4. Setup the Line VTY configurations Setup the following line vty configuration parameters, where input transport is set to SSH. Set the login to local, and password to 7. # line vty 0 4 (config-line)# transport input ssh (config-line)# login local (config-line)# password 7 (config-line)# exit If you have not set the console line yet, set it to the following values. # line console 0 (config-line)# logging synchronous (config-line)# login local 5. Create the username password If you don’t have an username created already, do it as shown below. myswitch# config t Enter configuration commands, one per line. End with CNTL/Z. 2
  3. 3. myswitch(config)# username ramesh password mypassword Note: If you don’t have the enable password setup properly, do it now. myswitch# enable secret myenablepassword Make sure the password-encryption service is turned-on, which will encrypt the password, and when you do “sh run”, you’ll seee only the encrypted password and not clear-text password. myswitch# service password-encryption 6. Verify SSH access From the switch, if you do ‘sh ip ssh’, it will confirm that the SSH is enabled on this cisco device. myswitch# sh ip ssh SSH Enabled - version 1.99 Authentication timeout: 120 secs; Authentication retries: 3 After the above configurations, login from a remote machine to verify that you can ssh to this cisco switch. In this example, is the management ip-address of the switch. remote-machine# ssh login as: ramesh Using keyboard-interactive authentication. Password: myswitch>en Password: myswitch# It is referred from: More related: CISCO SSH configuration template How to recovery deleted Cisco-Router-IOS ? Cisco switch used protocol How To Recover Cisco Router Password The Difference of The Cisco Catalyst 2900 and Cisco Catalyst 1900 More Cisco products and Reviews you can visit: 3
  4. 4. is a world leading Cisco networking products wholesaler, we wholesale original new Cisco networking equipments, including Cisco Catalyst switches, Cisco routers, Cisco firewalls, Cisco wireless products, Cisco modules and interface cards products at competitive price and ship to worldwide. Our website: Telephone: +852-3069-7733 Email: Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong 4