SSH configuration on IOS Router and Switch

Secure Shell (SSH) provides a secure and reliable means of connecting to remote devices. It is an encrypted network protocol that lets users safely access equipment through command-line interface sessions. SSH uses TCP port 22, which is assigned to secure logins, file transfer and port forwarding.

SSH uses public-key cryptography to authenticate the remote device and encrypts all data between that device and the workstation, which makes it the best choice for public networks. Telnet, by contrast, transmits data in plain text, which exposes it to security threats, so Telnet is recommended for private networks only, to keep the data uncompromised.

Before continuing with this lab, make sure you have already completed the basic configuration of your router or switch: IP address, gateway, enable or secret password, and so on. If this is done, follow the steps below:

Step-1: Hostname and Domain-name configuration

Router(config)# hostname LAB
LAB(config)# ip domain-name

Step-2: Generate the RSA Keys

The router should have RSA keys that it will use during the SSH process. So, generate these using crypto command as shown below.

LAB(config)# crypto key generate rsa 
The name for the keys will be: 
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024 
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Step-4: Line VTY configurations for SSH

Set the following line vty parameters: set the input transport to SSH, the login to local, and the password to 7. With login local, the router checks SSH logins against the local usernames created in Step-5.

LAB(config)#line vty 0 4
LAB(config-line)# transport input ssh
LAB(config-line)# login local
LAB(config-line)# password 7
LAB(config-line)# exit

Step-5: Add username and password

If you have not created a user yet, create a username and password for SSH.

LAB(config)# username nazrul password sshpassword

Step-6: SSH Verify 

To verify SSH on the router, run the show ip ssh command; the router will show whether SSH is enabled.

LAB#sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,pass

You can now SSH to the router from a remote host.
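
The steps above can also be checked offline against a saved running-config. The following Python check is an added example, not part of the original lab: it reports where a configuration departs from Steps 1, 4 and 5. The sample configuration, the domain lab.example and the user admin are constructed, and the username password versus secret check goes beyond what the lab configures.

```python
import re

# Constructed running-config excerpt (not from the page): VTY 0-4 follows the
# steps above, VTY 5-15 was left with telnet and a line password.
SAMPLE_CONFIG = """\
hostname LAB
ip domain-name lab.example
username nazrul password 0 sshpassword
username admin secret 5 $1$constructed$hash
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login
"""

def audit_ssh_config(config):
    """Return findings for the SSH-related settings of an IOS config text."""
    findings, lines = [], config.splitlines()
    if not any(re.match(r"hostname (?!Router$)\S+", l) for l in lines):
        findings.append("hostname is unset or still the default 'Router'")
    if not any(re.match(r"ip domain[- ]name \S+", l) for l in lines):
        findings.append("no ip domain-name configured")
    for l in lines:
        m = re.match(r"username (\S+) password\b", l)
        if m:  # 'password' is stored in clear or reversible type 7 form
            findings.append(f"user {m.group(1)}: uses 'password', not 'secret'")
    # Group the indented sub-commands under each 'line vty' header.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line vty"):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current:
            blocks[current].append(l.strip())
        else:
            current = None
    for name, cmds in blocks.items():
        transport = [c for c in cmds if c.startswith("transport input")]
        if transport != ["transport input ssh"]:
            shown = transport[0] if transport else "no transport input line"
            findings.append(f"{name}: {shown} (not SSH-only)")
        if "login local" not in cmds:
            findings.append(f"{name}: missing 'login local'")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Every VTY range needs the same settings: a range left at its earlier configuration, like the constructed 5-15 range here, still accepts Telnet even though 0-4 is SSH-only.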

