Routing & Switching

Configure SSH on Cisco routers & switches

In order to configure SSH you must have configured a  hostname, domain name, username/password, vty lines, and a crypto key generated.

Cisco configure ssh

Configure Hostname:

Switch(config)#hostname ?
  WORD  This system's network name
Switch(config)#hostname Office-SW1

Configure domain name:

Office-SW1(config)#ip ?
domain-name             Define the default domain name
Office-SW1(config)#ip domain-name lab.local

Generate crypto keys

Office-SW1(config)#crypto ?
key          Long term key operations
Office-SW1(config)#crypto key ?
generate      Generate new keys
Office-SW1(config)#crypto key generate ?
rsa  Generate RSA keys
Office-SW1(config)#crypto key generate rsa
The name for the keys will be: Office-SW1.lab.local
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
*Sep 16 07:20:01.038: %SSH-5-ENABLED: SSH 1.99 has been enabled

Create username and password:

Office-SW1(config)#username cisco privilege 15 password cisco

Configure your VTY lines:

Office-SW1(config)#line ?
  vty      Virtual terminal
Office-SW1(config)#line vty 0 4
Office-SW1(config-line)#transport ?
  input      Define which protocols to use when connecting to the terminal
Office-SW1(config-line)#transport input ?
  ssh     TCP/IP SSH protocol
Office-SW1(config-line)#transport input ssh
Office-SW1(config-line)#login ?
  local  Local password checking
Office-SW1(config-line)#login local

Test & Verification:
SSH to your switch or routers IP address using putty.

Accept the hosts key:

Show users connected:

Office-SW1#show users
    Line       User       Host(s)              Idle       Location
   2 vty 0     cisco      idle                 00:00:06