Configuring SSH

Always use SSH, telnet is gone.


Configuring SSH includes configuring a domain name (ip domain-name WORD), generate rsa key (crypto key generate rsa), specify only ssh for vty connection (transport input ssh), specify where to find username and password list (login WORD. This could be local, if you use local, you will want to create username and password in the router)


First you have to configure a domain name for your router with the command (enter this command at the global configuration level)


ip domain-name WORD


WORD: the domain name string.


Then you generate rsa key by the command


crypto key generate rsa [general-keys | usage-keys]


In the picture above, when you try to create an rsa key, there will be two parameters



  1. General-keys. By default Cisco routers use the same key for all encryption (SSH, HTTPS, …)

  2. Usage-keys. Usage-keys create a unique key.


Bit range of an rsa key is 360bits – 2048bits. A minimum of 1024 is usually used. For old series router (2500, 2600 series), generating an rsa key could take a long time (10 – 15 minutes).


You can configure some ssh options through the command (from the global configuration level)


ip ssh time-out NUMBER


NUMBER: in sec, 1-120 secs.


ip ssh authentication retries NUMBER


NUMBER: 0-5 retries



0 comments:

top