CLI configuration of SSH on Cisco Router/Switch
Secure Shell (SSH) is a protocol, like Telnet, that provides a secure remote connection to network devices. Telnet communication is in clear text, so an attacker can capture your login information and other contents using a packet sniffer, whereas SSH creates an encrypted communications tunnel between you and the router. There are two versions of SSH:
- SSH version 1
- SSH version 2
Nowadays everyone uses version 2 because it is more secure and has better encryption algorithms.
In this GNS3 lab I will show you how to configure your router or switch for SSH access. You need a k9 (crypto) IOS image for SSH configuration. I have used the 3725 IOS; you can download it from this link: k9(crypto) Cisco IOS image
Lab Objective/Task:
1. Configure SSH communication on L3_Switch.
The topology is simple and our task is to configure SSH on L3_Switch. The following steps on L3_Switch accomplish this:
Configure the hostname:
Router>enable
Router#config t
Router(config)#hostname L3_Switch
Telnet requires only a password, whereas SSH uses both a username and a password. Therefore we need to create a user for SSH.
L3_Switch(config)#aaa new-model
L3_Switch(config)#username admin secret cisco
(“secret” stores the password as an MD5 hash in the running config, where it appears as type 5, and cisco is the password. Typing 5 before the password tells IOS that a HIDDEN, already hashed secret will follow, so a plain-text password is entered without it.)
Configure the DNS domain:
L3_Switch(config)#ip domain name cisco.com
Enable SSH:
L3_Switch(config)#crypto key generate rsa
How many bits in the modulus [512]:
(Press Enter to accept the default of 512 bits, or type another value such as 1024. Note that the ip ssh version 2 command below is only accepted when the RSA key is at least 768 bits.)
L3_Switch(config)#ip ssh version 2
L3_Switch(config)#line vty 0 4
L3_Switch(config-line)#transport input ssh
L3_Switch(config-line)#login local
Testing:
You can test the SSH configuration from R2 by connecting to L3_Switch over SSH with the following command:
ssh -l admin 192.168.72.100
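As a follow-up check, the script below audits a saved running-config for the settings configured in this lab (hostname, domain name, local user with a secret, SSH version 2, SSH-only vty lines). It is an added example, not part of the original lab; the function names and the sample configuration, including the placeholder hash, are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not taken from the lab): the second
# vty range still accepts telnet and there is no "ip ssh version 2" line.
SAMPLE_CONFIG = """\
hostname L3_Switch
username admin secret 5 $1$EXAMPLE$constructedhashplaceholder
ip domain name cisco.com
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' section."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith("line "):
            if header:
                yield header, body
            header = line.strip() if line.startswith("line vty") else None
            body = []
        elif header and line.startswith(" "):
            body.append(line.strip())
        elif header:  # an unindented line ends the section
            yield header, body
            header, body = None, []
    if header:
        yield header, body

def audit_ssh(config):
    """Return findings for the settings this lab configures."""
    findings = []
    required = {
        r"^hostname \S+": "hostname is not set",
        r"^ip domain[ -]name \S+": "DNS domain name is not set",
        r"^username \S+ .*secret ": "no local user with a secret",
        r"^ip ssh version 2\b": "SSH version 2 is not enforced",
    }
    for pattern, message in required.items():
        if not re.search(pattern, config, re.MULTILINE):
            findings.append(message)
    for header, body in vty_blocks(config):
        inputs = [c.split()[2:] for c in body if c.startswith("transport input")]
        if inputs != [["ssh"]]:
            findings.append(f"{header}: transport input is not restricted to ssh")
    return findings
```

Calling audit_ssh(SAMPLE_CONFIG) reports the missing version 2 setting and the vty range that still allows telnet; a configuration that follows every step of the lab returns an empty list.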