Enabling SSH access on a Cisco router

   Posted by: Dante    in General

Let’s go through a quick and easy way to enable SSHv2 access on a Cisco router. Should be similar on a switch.

  • Make sure the IOS has the crypto modules, usually identified by a “k9” or “k5” in the IOS file name. Check with show version
  • Configure a hostname with the command hostname and a domain name with the command ip domain-name
  • Generate a new keypair with crypto key generate rsa and use 2048 bits
  • Create a new username for SSH access: username sshuser password 0 mysshpassword. Replace sshuser and mysshpassword accordingly.
  • Configure SSH parameters:
    • ip ssh timeout 60
    • ip ssh authentication-retries 3
    • ip ssh rsa keypair-name NAME (replace NAME with the keypair name obtained from show crypto key mypubkey rsa)
  • Prevent non-SSH sessions with line vty 0 4 and transport input ssh
  • Additionally, prevent SSH access from outside a certain subnet:
    • access-list 15 permit
    • line vty 0 4
    • access-class 15 in

Now SSHv2 should be enabled and accessible. All commands should be entered in global configuration mode, except for the show commands.
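To check a saved running-config against the steps above, here is a small Python audit; it is an added example, not part of the original post. The sample config, the hostname edge-rtr, the domain example.net and the 192.0.2.0 subnet are constructed, and the script goes slightly beyond the steps by flagging the cleartext password 0 form and any vty range (such as 5 15) that the steps did not touch.

```python
import re
# Constructed sample (not a real device): vty 0 4 follows the steps, vty 5 15 does not.
SAMPLE_CONFIG = """\
hostname edge-rtr
ip domain-name example.net
username sshuser password 0 mysshpassword
ip ssh timeout 60
ip ssh authentication-retries 3
access-list 15 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 15 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_blocks(config):
    """Map each 'line vty A B' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return one finding per step from the post that is missing or weak."""
    findings = []
    checks = [("hostname", r"^hostname \S+"),
              ("domain name", r"^ip domain[- ]name \S+"),
              ("ssh timeout", r"^ip ssh timeout \d+"),
              ("ssh retries", r"^ip ssh authentication-retries \d+")]
    for name, pattern in checks:
        if not re.search(pattern, config, re.M):
            findings.append(f"missing {name}")
    for user in re.findall(r"^username (\S+) password 0 ", config, re.M):
        findings.append(f"cleartext password for {user}")  # 'password 0' = unencrypted
    acls = set(re.findall(r"^access-list (\d+) permit \S+", config, re.M))
    for header, cmds in vty_blocks(config).items():
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: transport input ssh not set")
        acl = [c.split()[1] for c in cmds if re.fullmatch(r"access-class \d+ in", c)]
        if not acl or acl[0] not in acls:
            findings.append(f"{header}: no access-class with a permit entry")
    return findings

print("\n".join(audit(SAMPLE_CONFIG)))
```

Feed it the text of show running-config saved to a file; an empty result means every step from the list is present on every vty range.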

