Configuring SSH on Cisco Router

In this post, I’ll talk about configuring SSH on Cisco Router in 5 easy steps.

Why SSH and not Telnet?
SSH uses encryption keys to secure the data being sent over the channel. Telnet, in comparison to SSH, sends data in clear text over the network. This can be verified using packet capture software such as Wireshark.
Hence SSH should always be the preferred method for remote access on a Cisco Router.

1. Configure a hostname

2. Configure a domain name

3. Configure a username and password

4. Generate keys for SSH

5. Enable SSH and configure authentication on VTY lines

To enable both Telnet and SSH on the VTY lines, use the command transport input telnet ssh.
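
The five steps above as one configuration session (an added example, not the original post's screenshots). The hostname CertVideos and the user shyam are taken from the log output later in this post; the domain name, the password placeholder, the 2048-bit modulus, the use of "secret" for the password and the VTY range 0 4 are assumptions.

```cisco
! Added example. example.com and the password are placeholders.
configure terminal
!
! 1. Hostname: first half of the default RSA key label
hostname CertVideos
!
! 2. Domain name: second half of the key label (CertVideos.example.com)
ip domain-name example.com
!
! 3. Local user. "secret" stores the password as a hash in the configuration
username shyam secret <REPLACE-WITH-STRONG-PASSWORD>
!
! 4. RSA key pair. SSH cannot start without one, and SSH version 2
!    needs a modulus of at least 768 bits
crypto key generate rsa modulus 2048
!
! 5. VTY lines: authenticate against the local user database and
!    accept SSH only, so Telnet logins are refused on these lines
line vty 0 4
 login local
 transport input ssh
end
```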

At this point SSH is configured and enabled, and we’re good to test our configuration.

Additional Configuration

Restricting to SSH Version 2
By default, both SSH versions 1 and 2 are supported. However, all connections can be restricted to SSH Version 2 using the following command.

Tweaking SSH

Use ip ssh time-out to set the timeout in seconds, and specify the number of allowed authentication attempts using the ip ssh authentication-retries command.

Originally, SSH always used the first RSA keypair generated on the router. However, starting with IOS Release 12.3(4)T, SSH can be configured to use other RSA keypairs using the ip ssh rsa keypair-name command.

Logging SSH

Use ip ssh logging events to configure logging of SSH events. When a new connection attempt is made, the following messages should appear in the log:

Mar 24 18:12:21.123: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.137.1 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
CertVideos#
Mar 24 18:12:33.247: %SSH-5-SSH2_USERAUTH: User 'shyam' authentication for SSH2 Session from 192.168.137.1 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
CertVideos#
Mar 24 18:12:37.875: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.168.137.1 (tty = 0) for user 'shyam' using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' closed

Show commands
