Configuring SSH on a Cisco router:
There are two versions of Secure Shell: SSH1 and SSH2. Cisco IOS 12.1(3)T was the first version to support SSH1; however, it requires an IOS image with Data Encryption Standard (DES) or triple DES (3DES) IPSec encryption.
Step 1:
Router>enable
Router#configure terminal
Router(config)#hostname ssh >> sets the hostname to "ssh"; choose your own
ssh(config)#enable password 12345 >> (Optional) configure the privilege password
ssh(config)#ip domain-name cisco.com >> set the domain name according to your policy
ssh(config)#username admin password cisco >> "secret" can also be used instead of "password"
ssh(config)#ip ssh version 2 >> enable version 2 (default is version 1)
ssh(config)#crypto key generate rsa >> generate the RSA encryption key
(Note: ssh(config)#crypto key zeroize rsa >> removes the RSA key if needed)
........................................... Router Message......................................
The name for the keys will be: ssh.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 512 >> enter the key size you require
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
.............................................................................................................
Step 2: Configure line vty
ssh(config)#line vty 0 4
ssh(config-line)#transport input ssh
ssh(config-line)#login local >> authenticate against the local username/password database
Optional:
ssh(config)#ip ssh time-out 20 >> SSH timeout: how long to wait
ssh(config)#ip ssh authentication-retries 2
Step 3: SSH to router from PC
PC>ssh -l admin 1.1.1.1
Open
Password: >> enter admin password
ssh>enable
Password: >> enter privilege password
ssh# >> you are now logged in
Show SSH status:
ssh#show ip ssh
ssh#debug ip ssh
Example SSH configuration:
ssh#show running-config
Building configuration...
Current configuration : 920 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ssh
!
enable password 12345
!
username admin password 0 cisco
!
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 20
ip domain-name cisco.com
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.140.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 network 192.168.140.0
 network 10.10.10.0 0.0.0.255
 network 1.1.1.1 0.0.0.0
 no auto-summary
!
ip classless
!
line con 0
line vty 0 4
 login local
 transport input ssh
!
end
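
A small audit of the settings this walkthrough configures, meant to be run over a saved copy of the running-config. It is an added example, not part of the original page: the function names and the sample text are constructed for illustration, and it assumes local authentication (login local) as used above.

```python
import re

# Constructed sample; the weak lines mirror the running-config shown above.
SAMPLE = """\
enable password 12345
username admin password 0 cisco
ip ssh version 2
line con 0
line vty 0 4
 login local
 transport input ssh
"""

def parse(config):
    """Return (global lines, {"line ..." header: [its subcommands]})."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "!", "end"):
            current = None              # "!" closes the open line section
        elif line.startswith("line "):
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)        # works for indented or flattened text
        else:
            top.append(line)
    return top, sections

def audit(config):
    """Return a list of findings for the SSH-related settings."""
    top, sections = parse(config)
    findings = []
    if any(l.startswith("enable password ") for l in top):
        findings.append("enable password is set; use 'enable secret'")
    for l in top:
        m = re.match(r"username (\S+)(?: privilege \d+)? password\b", l)
        if m:
            findings.append(f"user {m.group(1)}: 'password' keyword; use 'secret'")
    if "ip ssh version 2" not in top:
        findings.append("'ip ssh version 2' missing")
    for header, cmds in sections.items():
        for need in ("transport input ssh", "login local"):
            if header.startswith("line vty") and need not in cmds:
                findings.append(f"{header}: missing '{need}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The check cannot see the RSA modulus size, since the key itself does not appear in the running-config.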