22
Apr

Enabling SSH access on a Cisco router

   Posted by: Dante   in General

Let’s go through a quick and easy way to enable SSHv2 access on a Cisco router. The steps should be similar on a switch.

  • Make sure the IOS image includes the crypto modules, usually identified by “k9” or “k5” in the IOS file name. Check with show version.
  • Configure a hostname with the command hostname and a domain name with the command ip domain-name
  • Generate a new keypair with crypto key generate rsa and use 2048 bits
  • Create a new username for SSH access: username sshuser password 0 mysshpassword. Replace sshuser and mysshpassword accordingly.
  • Configure SSH parameters:
    • ip ssh timeout 60
    • ip ssh authentication-retries 3
    • ip ssh rsa keypair-name NAME (replace NAME with the keypair name obtained from show crypto key mypubkey rsa)
  • Prevent non-SSH sessions with line vty 0 4 and transport input ssh
  • Additionally, prevent SSH access from outside a certain subnet:
    • access-list 15 permit 192.168.0.0 0.0.0.255
    • line vty 0 4
    • access-class 15 in

Now SSHv2 should be enabled and accessible. All commands should be entered in global configuration mode, except for the show commands.

This entry was posted on Friday, April 22nd, 2011 at 11:20 am and is filed under General.