Posts Tagged ‘cisco’
Let’s go through a quick and easy way to enable SSHv2 access on a Cisco router. Should be similar on a switch.
- Make sure the IOS image includes the crypto feature set, usually indicated by a “k9” in the image file name (check the image name reported by show version). Without it the crypto key and ip ssh commands are simply not available.
- Configure a hostname with the command hostname and a domain name with the command ip domain-name. Both are required: the RSA keypair generated in the next step is named hostname.domain-name by default.
- Generate a new keypair with crypto key generate rsa and enter 2048 when prompted for the modulus size (or give it inline: crypto key generate rsa modulus 2048). SSHv2 requires at least a 768-bit modulus; 2048 is the sensible minimum today.
- Create a local user for SSH access: username sshuser secret mysshpassword. Replace sshuser and mysshpassword accordingly. Use secret rather than password 0: password 0 stores the password in cleartext in the configuration, whereas secret stores a hash.
- Configure SSH parameters:
- ip ssh version 2 (without this IOS runs in compatibility mode, reported as version 1.99, and still accepts SSHv1 clients)
- ip ssh time-out 60
- ip ssh authentication-retries 3
- ip ssh rsa keypair-name NAME (replace NAME with the keypair name shown by show crypto key mypubkey rsa)
- Restrict the vty lines to SSH and make them authenticate against the local user database: line vty 0 4, then login local and transport input ssh. Without login local the line prompts for the line password instead of the username created above. Many platforms have 16 vty lines; apply the same to line vty 5 15 (or use line vty 0 15) so that no line is left accepting Telnet.
- Additionally, only allow SSH from a management subnet; everything the access list does not permit is dropped by its implicit deny:
- access-list 15 permit 192.168.0.0 0.0.0.255
- line vty 0 4
- access-class 15 in
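The whole procedure as one configuration, as an added example rather than a fragment from the original post. The hostname R1, the domain example.com, the keypair label SSH-KEY and the 192.168.0.0/24 management subnet are assumptions; replace them to suit.

```cisco
! Assumed values: hostname R1, domain example.com, keypair label SSH-KEY,
! management subnet 192.168.0.0/24. Lines starting with ! are comments.
hostname R1
ip domain-name example.com
!
! Label the keypair so ip ssh rsa keypair-name can reference it by name.
crypto key generate rsa label SSH-KEY modulus 2048
!
! secret stores a hash; password 0 would store the cleartext password.
username sshuser secret mysshpassword
!
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh rsa keypair-name SSH-KEY
!
access-list 15 remark hosts allowed to open SSH sessions to this device
access-list 15 permit 192.168.0.0 0.0.0.255
!
! Cover every vty line the platform has, so none is left accepting Telnet.
line vty 0 15
 access-class 15 in
 login local
 transport input ssh
 exec-timeout 10 0
```

Verify with show ip ssh, which should report version 2.0 (not 1.99), and show ssh for active sessions. Open a new SSH session and confirm it works before closing the one you configured from, otherwise a mistake in the access list or the login local line locks you out.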
Now SSHv2 should be enabled and accessible. The crypto, username, ip ssh and access-list commands are entered in global configuration mode; login local, transport input and access-class are line configuration commands entered under line vty. The show commands run from privileged EXEC mode. Verify with show ip ssh, which should report version 2.0 rather than 1.99.
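A check a practitioner would want after the fact: the following script audits a saved copy of show running-config for the settings above (SSH version 2, a named keypair, no cleartext username passwords, and every vty line set to ssh-only transport, local login and an access-class that actually permits something). It is an added example, not code from the original post; the two sample configurations embedded in it are constructed, and the hostname, keypair label and subnet in them are assumptions.

```python
"""Audit a Cisco IOS running-config for the SSHv2 hardening steps.

Added example; the sample configs below are constructed. Parses the text of
'show running-config': top-level commands plus the indented sub-commands of
'line vty' sections.
"""
import re


def parse_ios_config(text):
    """Return (global_lines, vty_blocks).

    vty_blocks maps a vty range such as '0 4' to its indented sub-commands.
    Sub-commands of other sections (line con, interfaces) are ignored.
    """
    global_lines = []
    vty_blocks = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" "):  # indented: sub-command of the current section
            if current is not None:
                vty_blocks[current].append(raw.strip())
            continue
        line = raw.strip()
        m = re.match(r"line vty (\d+ \d+|\d+)$", line)
        if m:
            current = m.group(1)
            vty_blocks[current] = []
        else:
            current = None  # any other top-level command ends the vty section
            global_lines.append(line)
    return global_lines, vty_blocks


def audit_ssh(text):
    """Run the hardening checks; returns a dict of check name -> bool."""
    glob, vtys = parse_ios_config(text)
    gset = set(glob)
    # Numbered ACLs that permit at least one source; an access-class pointing
    # at an empty or missing ACL would deny everything or nothing usefully.
    acls_with_permit = set()
    for line in glob:
        m = re.match(r"access-list (\S+) permit ", line)
        if m:
            acls_with_permit.add(m.group(1))

    results = {
        "ssh_version_2": "ip ssh version 2" in gset,
        "rsa_keypair_named": any(l.startswith("ip ssh rsa keypair-name ") for l in glob),
        # 'username X password ...' is type 0 (cleartext) or type 7 (reversible);
        # 'username X secret ...' is what we want.
        "no_cleartext_user_passwords": not any(
            re.match(r"username \S+ (privilege \d+ )?password ", l) for l in glob
        ),
        "vty_lines_defined": bool(vtys),
    }

    ssh_only, login_local, acl_ok = True, True, True
    for cmds in vtys.values():
        cset = set(cmds)
        # exact match: 'transport input ssh telnet' or 'transport input all' must fail
        if "transport input ssh" not in cset:
            ssh_only = False
        if "login local" not in cset:
            login_local = False
        acl = None
        for c in cmds:
            m = re.match(r"access-class (\S+) in$", c)
            if m:
                acl = m.group(1)
        if acl is None or acl not in acls_with_permit:
            acl_ok = False
    results["vty_ssh_only"] = ssh_only
    results["vty_login_local"] = login_local
    results["vty_acl_restricted"] = acl_ok
    results["all_pass"] = all(results.values())
    return results


# Constructed sample: the hardened configuration from the post.
GOOD_CONFIG = """\
hostname R1
ip domain-name example.com
username sshuser secret 5 $1$abcd$deadbeefdeadbeefdeadbe
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh rsa keypair-name SSH-KEY
access-list 15 permit 192.168.0.0 0.0.0.255
line con 0
 login local
line vty 0 4
 access-class 15 in
 login local
 transport input ssh
line vty 5 15
 access-class 15 in
 login local
 transport input ssh
"""

# Constructed sample: cleartext password, no version 2, Telnet still open, no ACL.
BAD_CONFIG = """\
hostname R1
ip domain-name example.com
username sshuser password 0 mysshpassword
ip ssh time-out 60
ip ssh rsa keypair-name SSH-KEY
line vty 0 4
 transport input ssh telnet
"""

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, audit_ssh(cfg))
```

The script only sees what the running-config shows; it cannot tell the RSA modulus size, so show crypto key mypubkey rsa is still needed for that, and show ip ssh remains the authoritative check that the device is actually negotiating version 2.0.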