How to configure SSH on Cisco IOS

In a former lesson, I explained how you can use telnet for distant access to your Cisco IOS devices. The trouble with telnet is that everything is sent in plaintext, for that reason you shouldn ’ t use it .
SSH ( Secure Shell ) is a procure method acting for distant access as is includes authentication and encoding. To do this, it uses a RSA public/private keypair .
There are two versions : interpretation 1 and 2. translation 2 is more secure and normally used .
death but not least, to configure SSH you require an IOS prototype that supports crypto features. otherwise you won ’ triiodothyronine be able to configure SSH.


To demonstrate SSH, I will use the stick to topology :
R1 R2 Gigabit Links
We will configure SSH on R1 so that we can entree it from any other device. R2 will be used as a SSH customer .

SSH Server

the name of the RSA keypair will be the hostname and world appoint of the router. Let ’ s configure a hostname :

Router(config)#hostname R1

And a sphere diagnose :

R1(config)#ip domain-name NETWORKLESSONS.LOCAL

now we can generate the RSA keypair :

R1(config)#crypto key generate rsa
The name for the keys will be: R1.NETWORKLESSONS.LOCAL
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 3 seconds)

When you use the crypto key generate rsa command, it will ask you how many bits you want to use for the key size. How much should you pick ?
It ’ south best to check the next generation encoding article from Cisco for this. At this moment, a key size of 2048 bits is acceptable. Key sizes of 1024 or smaller should be avoided. Larger key sizes besides take longer to calculate .
once the keypair has been generated, the following message will appear :

%SSH-5-ENABLED:  SSH 1.99 has been enabled 

As you can see above, SSH interpretation 1 is the nonpayment version. Let ’ s switch to version 2 :

R1(config)#ip ssh version 2

SSH is enabled but we besides have to configure the VTY lines :

R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local

This ensures that we only want to use SSH ( not telnet or anything else ) and that we want to check the local database for usernames. Let ’ s create a user :

R1(config)#username admin password my_password

Everything is immediately in place. We should be able to connect to R1 through SSH now .

SSH Client

The most common SSH client is credibly putty. The only thing you have to do is to select the SSH protocol, enter the IP cover and leave the default port at 22 :
Putty SSH
You will see this on the putty console :

login as: admin
Using keyboard-interactive authentication.

You can besides use another Cisco IOS device as a SSH customer. here ’ s how :

R2#ssh ?
  -c    Select encryption algorithm
  -l    Log in using this user name
  -m    Select HMAC algorithm
  -o    Specify options
  -p    Connect to this port
  -v    Specify SSH Protocol Version
  -vrf  Specify vrf name
  WORD  IP address or hostname of a remote system

There are quite some options but as a minimum, we should specify a username and IP address :

R2#ssh -l admin


We are now connected to R1 through SSH .
desire to take a search for yourself ? here you will find the final configuration of each device .

hostname R1
ip cef
username admin password 0 my_password
interface GigabitEthernet0/1
 ip address
ip ssh version 2
line vty 0 4
 login local
 transport input ssh


hostname R2
ip cef
interface GigabitEthernet0/1
 ip address

SSH Server and Client


You have now learned how to configure the SSH server on your Cisco IOS router or switch and how to use the SSH client .

  • SSH is a secure method for remote access to your router or switch, unlike telnet.
  • SSH requires a RSA public/private key pair.
  • SSH version 2 is more secure than version 1.
  • Make sure you have an IOS image that supports crypto features, otherwise you can’t use SSH.
generator :
Category : Tech

About admin

I am the owner of the website, my purpose is to bring all the most useful information to users.

Check Also


Manage participants in a zoom meeting webinar

Call the people who attend the meet as follows Alternate host host Who scheduled the …

Leave a Reply

Your email address will not be published.