Configuring SSH on a Router

How to enable SSH on a router
1. Set the router hostname
hostname R2

2. Set a domain name
Enter the following command at the global configuration level to set the domain name to cisco.com:
ip domain-name cisco.com

3. Generate asymmetric keys
To generate the key that the router uses to encrypt its SSH management traffic, enter the command "crypto key generate rsa". You will be asked for the size of the key modulus, in the range 360 - 2048. As a best practice, Cisco recommends a minimum length of 1024; a longer modulus means more security. After you generate the key, you will notice that SSH has been enabled.

4. Configure local authentication and the vty lines
To simplify the example, we will use a local username (you can also use a third-party authentication server such as TACACS+ or RADIUS). First you must create a local user. To create the username student with the encrypted password cisco, enter the command "username student secret cisco" at the global configuration level. Next, enter vty line configuration with "line vty 0 4", make login check the local user database with "login local", and restrict the transport to SSH with "transport input ssh".

5. Configure SSH timeouts (optional)
This provides additional security. Enter both commands at the global configuration level:
ip ssh time-out 15
ip ssh authentication-retries 2



To connect to the router over SSH, use an SSH client (PuTTY, TeraTerm). You will be prompted for a username and password; enter the ones you configured. In the example above, that is the locally created username student with the password cisco.
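
To check a saved configuration against the steps above, the following Python script (an added example, not part of the original post) reports which of the settings are missing. The sample text and the names SAMPLE, parse and audit are constructed for illustration; the RSA key pair from step 3 is not stored in the configuration text, so it is not checked here.

```python
import re

# Constructed sample: steps 1-2 done, but a plain-password user and Telnet on the vty.
SAMPLE = """hostname R2
ip domain-name cisco.com
username student password cisco
line vty 0 4
 login
 transport input telnet ssh
"""

GLOBAL_CHECKS = [  # (regex on a global line, finding reported when absent)
    (r"hostname \S+$", "hostname not set"),
    (r"ip domain-name \S+$", "domain name not set"),
    (r"username \S+ (.+ )?secret ", "no local user with a secret"),
    (r"ip ssh time-out \d+$", "optional: SSH time-out not set"),
    (r"ip ssh authentication-retries \d+$", "optional: SSH retries not set"),
]

def parse(config):
    """Return (global lines, {vty header: [indented sub-commands]})."""
    glob, vty, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].isspace():               # sub-command of the block above it
            if current and line:
                vty[current].append(line)
        elif line.startswith("line vty"):
            current = line
            vty[current] = []
        elif line and line != "!":          # any other top-level line ends the block
            current = None
            glob.append(line)
    return glob, vty

def audit(config):
    """List deviations from the steps above; an empty list means none found."""
    glob, vty = parse(config)
    findings = [msg for rx, msg in GLOBAL_CHECKS
                if not any(re.match(rx, l) for l in glob)]
    if not vty:
        findings.append("no vty lines configured")
    for header, subs in vty.items():
        if "login local" not in subs:
            findings.append(f"{header}: login local missing")
        if "transport input ssh" not in subs:
            findings.append(f"{header}: transport is not SSH-only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```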
