Configure CISCO device for SSH
Posted by Wayne on Saturday, 1 February 2014
Post ported from old site
So it has been a few weeks since I posted anything, but that's what happens when you have a brand new baby to look after and a busy job on top of it. Things may be a bit slow for the next few months on the blog front. I've also decided that it's time to get a new certification or two, so I have started to study for my CCENT/CCNA and expect it to dominate my blogging for the next little while. So, the first in the CISCO series of blogs: How to Configure a CISCO device for SSH access.
I recommend you connect to the device over a serial port to avoid losing your connection if you type something wrong.
CISCO#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
--- configure the vty connections
CISCO(config)#line vty 0 4
--- we are going to use a local user account, native to the device, but we could use a remote login server, such as RADIUS, for this as well
CISCO(config-line)#login local
CISCO(config-line)#transport input ssh
--- you can put telnet in the transport line above, but we really don't want that enabled
CISCO(config-line)#exit
--- Now we need a user account to log in with
CISCO(config)#username admin password aComp1exp@ssword
--- In order to create the rsa key we need to set a domain name for the device
CISCO(config)#ip domain-name example.net
CISCO(config)#crypto key generate rsa
The name for the keys will be: CISCO.example.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus : 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
*Nov 24 0:4:8.988: %SSH-5-ENABLED: SSH 1.99 has been enabled
CISCO(config)#end
%SYS-5-CONFIG_I: Configured from console by console
--- Don't forget to save your new config
CISCO#copy running-config startup-config
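
An added example, not part of the original post: a small Python check that reads a saved running-config and flags where it departs from the steps above. The sample config is constructed; the `ip ssh version 2` check, the `secret` suggestion and the extra `line vty 5 15` block go beyond what the post configures, and the script assumes local login rather than AAA.

```python
import re

# Constructed sample; 'line vty 0 4' does not touch lines 5-15 where a platform has them.
SAMPLE_CONFIG = """\
hostname CISCO
ip domain-name example.net
username admin password 0 aComp1exp@ssword
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for each 'line vty' block."""
    header, body = None, []
    for line in config.splitlines():
        if not line.startswith(" "):      # a top-level command closes any open block
            if header:
                yield header, body
            header, body = (line.strip(), []) if line.startswith("line vty") else (None, [])
        elif header:
            body.append(line.strip())
    if header:
        yield header, body

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no ip domain-name: needed to name the RSA key pair")
    if not re.search(r"^ip ssh version 2\b", config, re.M):
        findings.append("no 'ip ssh version 2': SSH 1.99 also accepts SSHv1 clients")
    for m in re.finditer(r"^username (\S+) password\b", config, re.M):
        findings.append(f"user {m.group(1)}: 'password' is clear text or type 7, prefer 'secret'")
    for header, body in vty_blocks(config):
        transport = next((c for c in body if c.startswith("transport input")), None)
        if transport is None:
            findings.append(f"{header}: no 'transport input' set, platform default applies")
        elif transport.split()[2:] != ["ssh"]:
            findings.append(f"{header}: '{transport}' allows more than SSH")
        if "login local" not in body:
            findings.append(f"{header}: no 'login local', local usernames are not used")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```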