Configuring SSH on a Cisco router:
There are two versions of Secure Shell: SSH1 and SSH2. Cisco IOS 12.1(3)T was the first version to support SSH1; however, it requires the Data Encryption Standard (DES) or triple DES (3DES) IPSec encryption version of the IOS.
Step 1:
Router>enable
Router#configure terminal
Router(config)#hostname ssh >> sets the hostname to “ssh”; the name is up to you
ssh(config)#enable password 12345 >> (Optional) configure the privilege password
ssh(config)#ip domain-name cisco.com >> set the domain name according to your policy
ssh(config)#username admin password cisco >> you can also use “secret” instead of “password”
ssh(config)#ip ssh version 2 >> enable version 2 (default: version 1)
ssh(config)#crypto key generate rsa >> generate the RSA key pair (Note: use ssh(config)#crypto key zeroize rsa to remove the RSA key if needed)
Router message:
The name for the keys will be: ssh.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 512 >> enter the number of bits you require
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
Step 2: Configure line vty
ssh(config)#line vty 0 4
ssh(config-line)#transport input ssh
ssh(config-line)#login local >> authenticate against the local username/password database
Optional:
ssh(config)#ip ssh time-out 20 >> SSH negotiation time-out, in seconds
ssh(config)#ip ssh authentication-retries 2
Step 3: SSH to router from PC
PC>ssh -l admin 1.1.1.1
Open
Password: >> enter admin password
ssh>enable
Password: >> enter privilege password
ssh# >> you are now logged in
Show SSH status:
ssh#show ip ssh
ssh#debug ip ssh
Example SSH configuration:
ssh#show running-config
Building configuration...
Current configuration : 920 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ssh
!
enable password 12345
!
username admin password 0 cisco
!
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 20
ip domain-name cisco.com
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.140.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 network 192.168.140.0
 network 10.10.10.0 0.0.0.255
 network 1.1.1.1 0.0.0.0
 no auto-summary
!
ip classless
!
line con 0
line vty 0 4
 login local
 transport input ssh
!
end
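An added example (not part of the original post): a short Python audit that reads a running-config like the one above and flags the remote-access weaknesses it contains, such as credentials stored with "password" instead of "secret" and vty lines without an access-class. The function names and the choice of checks are assumptions of this example; the RSA key size is not checked because it does not appear in the running-config.

```python
import re

# Excerpt of the running-config shown above, indented as IOS prints it.
SAMPLE_CONFIG = """\
no service password-encryption
enable password 12345
username admin password 0 cisco
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""

def parse_sections(text):
    """Split a config into top-level commands and their indented sub-commands."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections[current] = []
    return top, sections

def audit(text):
    """Return findings about weak remote-access settings in a running-config."""
    top, sections = parse_sections(text)
    findings = []
    if "service password-encryption" not in top:
        findings.append("service password-encryption is off")
    for cmd in top:
        m = re.match(r"(enable|username \S+) password ", cmd)
        if m:  # 'password' is cleartext (type 0) or reversible (type 7)
            findings.append(f"{m.group(1)}: uses 'password'; use 'secret'")
    if "ip ssh version 2" not in top:
        findings.append("SSH version 2 is not enforced")
    for header, cmds in sections.items():
        if header.startswith("line vty"):
            if "transport input ssh" not in cmds:
                findings.append(f"{header}: transports other than SSH allowed")
            if not any(c.startswith("access-class ") for c in cmds):
                findings.append(f"{header}: no access-class limiting sources")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run against the configuration in this post, it reports four findings: password encryption off, the enable and admin credentials stored with "password", and no access-class on the vty lines.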
Great work!
thanks, ERICK OSIKE.
please give some suggestions and really very helpful thanks
Linksys Router Technical Support
Great job..
This post is very Interesting and beautiful blog lovely presentation thanks for sharing your views.....
Visit my site Cisco Router Support