SSH Configuration on Cisco Switch and Router

1. Overview


Normally, network administrators work with network devices over remote SSH from their own computers. Only occasionally do they have to connect to the console and work on the network device directly.

This tutorial will guide you through configuring SSH remote management on a Cisco router; the same configuration also applies to a Cisco switch.

2. Prerequisites


In this article, it is assumed that:

a. You have already configured an IP address on the switch or router
b. You have direct console access to the switch or router

3. Configure SSH Remote Management


We can start by creating a user on the Cisco router or switch. Log in to the router or switch over the console and execute the following commands in the terminal.

# conf t
# username netadmin privilege 15 secret 1111

The next step is the enable password.

# enable secret 2222

We need to enable service password-encryption so that any password stored in clear text in the configuration is encrypted.

# service password-encryption

Next, we need to configure a domain name for the router or switch (required before a key pair can be generated) and then generate the RSA key.


# ip domain-name
# crypto key generate rsa
The name for the keys will be:
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable…[OK]

Now, we need to set up the line vty configuration parameters so that only SSH remote management is allowed and telnet remote management is disabled.

# line vty 0 4
  login local
  transport input ssh

We should only use SSH version 2 to connect remotely to any of our network devices.

# ip ssh version 2

# sh ip ssh
SSH Enabled – version 2.0
Authentication timeout: 120 secs; Authentication retries: 3

We should also restrict SSH remote management of the network devices to a specific network, by applying an access list to the vty lines with a permit entry for the management network. It is highly recommended to enable an exec timeout on the router or switch so that it automatically logs out a session after it has been idle for the set time.

# ip access-list standard ACL-SSH
  permit <management-network> <wildcard-mask>
# line vty 0 4
  access-class ACL-SSH in
  exec-timeout 5

We should enable Authentication, Authorization and Accounting (AAA) services, so that every time we log in to the device we need to type in the enable password.

# aaa new-model
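As an added example (not part of the original tutorial), the following Python script audits a saved running-config for the settings applied in the steps above: SSH version 2, service password-encryption, aaa new-model, SSH-only vty transport, a non-zero exec-timeout, and an access-class whose ACL actually contains a permit entry (an ACL with no entries restricts nothing). The config text, the 192.0.2.0/24 subnet and the domain name are constructed placeholders, not taken from a real device.

```python
import re

# Constructed sample: running-config fragment of a device configured as in this
# tutorial. Subnet and domain name are placeholders, not from a real device.
HARDENED = """\
service password-encryption
aaa new-model
ip domain-name example.invalid
ip ssh version 2
ip access-list standard ACL-SSH
 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class ACL-SSH in
 exec-timeout 5 0
 transport input ssh
"""

def sections(config):
    """Split IOS config into (top-level command, [indented sub-commands]) pairs."""
    out = []
    for line in config.splitlines():
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        elif line.strip():
            out.append((line.rstrip(), []))
    return out

def audit_ssh_hardening(config):
    """Map each setting this tutorial applies to True (present) or False (missing)."""
    secs = sections(config)
    tops = {h for h, _ in secs}
    vtys = [body for h, body in secs if h.startswith("line vty")]
    acls = {h.split()[-1]: body for h, body in secs
            if h.startswith("ip access-list standard ")}
    def every_vty(pred):  # the setting must hold on every configured vty range
        return bool(vtys) and all(any(pred(c) for c in b) for b in vtys)
    def timeout_set(c):  # 'exec-timeout 0 0' disables the idle timeout entirely
        m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", c)
        return bool(m) and (int(m.group(1)), int(m.group(2) or 0)) != (0, 0)
    def acl_restricts(c):  # access-class must name an ACL with at least one permit
        m = re.fullmatch(r"access-class (\S+) in", c)
        return bool(m) and any(e.startswith("permit") for e in acls.get(m.group(1), []))
    return {
        "ssh_version_2": "ip ssh version 2" in tops,
        "password_encryption": "service password-encryption" in tops,
        "aaa_new_model": "aaa new-model" in tops,
        "vty_ssh_only": every_vty(lambda c: c == "transport input ssh"),
        "vty_exec_timeout": every_vty(timeout_set),
        "vty_acl_restricts": every_vty(acl_restricts),
    }
```

Run it against the output of `show running-config` saved to a file; any False entry is a vty line that still accepts telnet, has no idle timeout, or is not restricted to the management network.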

4. Test Remote SSH


Start the PuTTY program, enter the management IP address of the switch to open the remote SSH session, and the login should succeed.

5. Conclusion


You should now be able to SSH to your Cisco router or switch remotely from your desk without connecting directly to the device console. If you have any questions or suggestions, you can always leave your comments below. I will do my best to review and reply to them.