Configuring SSH

This tutorial covers how to configure SSH on a Cisco router or switch. SSH, or Secure Shell, encrypts the data sent between the terminal application and the device, which makes it far safer than telnet, which sends the data in plain text. To support SSH, a Cisco router or switch needs more information than just passwords. The device needs a username and password, which can be configured on an AAA (Authentication, Authorization and Accounting) server or locally on the device; this tutorial focuses on locally configured usernames and passwords. To set up SSH you need to configure the following information. For the purpose of this tutorial the username will be ciscoskills and the password will be cisco.

  • The first thing you need to do is change the vty lines on the device (router/switch); depending on the device, you may have more vty lines. Entered at the (config-line)# prompt, the command login local makes the device check its local database for usernames and passwords.
  • The next step depends on whether you still want to allow telnet connections to the device (router/switch). If you do, enter transport input telnet ssh at the (config-line)# prompt. If you only want SSH connections, enter transport input ssh instead.
  • You must enter at least one username and password for the device (router/switch). For this example the username is ciscoskills and the password is cisco, so the command, entered in global configuration mode (config)#, is username ciscoskills password cisco.
  • You must also configure a DNS domain name; for this example the domain is lewiryan.github.io/ciscoskills. The command, entered in global configuration mode (config)#, is ip domain-name lewiryan.github.io/ciscoskills.
  • The final step is to generate a key pair with crypto key generate rsa, entered in global configuration mode (config)#. When asked how many bits to use in the modulus, Cisco documentation likes 1024. The more bits you have, the longer the key and the harder it is to crack. The default is 512, and it is probably best to go for 2048.

The commands above look like this when entered on the device:

    Router_or_Switch#
    Router_or_Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router_or_Switch(config)#line vty 0 4
    Router_or_Switch(config-line)#login local
    Router_or_Switch(config-line)#transport input telnet ssh
    Router_or_Switch(config-line)#exit
    Router_or_Switch(config)#username ciscoskills password cisco
    Router_or_Switch(config)#ip domain-name lewiryan.github.io/ciscoskills
    Router_or_Switch(config)#crypto key generate rsa
    The name for the keys will be: Router_or_Switch.lewiryan.github.io/ciscoskills
    Choose the size of the key modulus in the range of 360 to 2048 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.

    How many bits in the modulus [512]: 1024
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

    Router_or_Switch(config)#exit
    *Mar 1 0:4:8.988: %SSH-5-ENABLED: SSH 1.99 has been enabled

    %SYS-5-CONFIG_I: Configured from console by console

That's it! This guide is meant for Cisco labs, but you would follow the same steps to set up an SSH connection within a production network. If you would like more information, a simple web search will work, and you can also find more documentation at Cisco.com. I hope this information was helpful. If you have suggestions or comments, let me hear them!
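
As an added example (not part of the original tutorial and not a Cisco tool), this Python sketch audits a running-config for the lab shortcuts in the walkthrough above before it is reused in production: telnet left enabled on a vty range, a vty range without login local, a username stored with password instead of secret, and no ip ssh version 2 (the "SSH 1.99" log line in the transcript means SSH version 1 is still accepted). The sample config and the helper names vty_blocks and audit_ssh are constructed for illustration; username ... secret and ip ssh version 2 are standard IOS commands that the tutorial itself does not use.

```python
import re

# Constructed sample: roughly what the walkthrough leaves in the running-config,
# plus a second vty range of the kind many devices have (assumed, not from the page).
SAMPLE_CONFIG = """\
hostname Router_or_Switch
username ciscoskills password 0 cisco
ip domain-name lewiryan.github.io/ciscoskills
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 transport input ssh
end
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' section."""
    header, body = None, []
    for raw in config.splitlines():
        if raw[:1] in (" ", "\t") and header:   # indented: belongs to the open section
            body.append(raw.strip())
            continue
        if header:                              # a top-level line closes the section
            yield header, body
        header, body = (raw.strip(), []) if raw.startswith("line vty") else (None, [])
    if header:
        yield header, body

def audit_ssh(config):
    """Return a list of findings (hypothetical helper) for a running-config text."""
    findings = []
    for header, body in vty_blocks(config):
        transport = next((c.split()[2:] for c in body if c.startswith("transport input")), None)
        if transport is None:
            findings.append(f"{header}: no explicit 'transport input'")
        elif transport != ["ssh"]:
            findings.append(f"{header}: transport input is '{' '.join(transport)}', not 'ssh' only")
        if "login local" not in body:           # AAA method lists are out of scope here
            findings.append(f"{header}: missing 'login local'")
    for m in re.finditer(r"^username (\S+) (?:.* )?password ", config, re.M):
        findings.append(f"username {m.group(1)}: stored with 'password', not hashed 'secret'")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' absent, SSH version 1 may be accepted")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```

Every vty range is checked separately because settings applied to line vty 0 4 do not carry over to the additional vty lines a device may have.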

