Jesin's Blog


Configure Cisco Routers for SSH Access

July 24, 2011 Networking Jesin A 1 Comment


In the previous article we saw how to configure Cisco routers and switches for telnet access, and in this article we’ll see how to do the same with SSH. SSH is always preferred because it is much more secure than telnet. A quick intro to SSH: it expands to Secure Shell, listens on port 22 and uses public key cryptography for encryption. Because SSH uses keys, we need to generate one on the router. To connect using SSH from a Windows system, third-party software such as PuTTY is needed, but for Linux users an SSH client is built into all distributions.

Follow the commands below to configure your Cisco router for SSH access.

Router>enable
Router#configure terminal
Router(config)#hostname Router1
Router1(config)#enable secret password
Router1(config)#ip domain-name websistent.com
Router1(config)#crypto key generate rsa
......Output omitted................
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
Router1(config)#username jesin password sshpwd
Router1(config)#service password-encryption
Router1(config)#line vty 0 4
Router1(config-line)#login local
Router1(config-line)#transport input ssh

Setting a hostname other than the word “Router” is mandatory for SSH to work. If you haven’t set a privileged mode password already, use the enable secret command to set a password of your choice. The number 2048 is the size of the key; a larger size makes it more difficult to hack the connection, but it also makes the connection slower. In the last transport command you can include “telnet” at the end if you want both telnet and SSH access. SSH access can also be configured without setting a privileged mode password, by setting the privilege level of the username to 15.

Router>enable
Router#configure terminal
Router(config)#hostname Router1
Router1(config)#ip domain-name websistent.com
Router1(config)#crypto key generate rsa
...................output omitted............................
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
Router1(config)#username jesin privilege 15 secret sshpw
Router1(config)#line vty 0 4
Router1(config-line)#login local
Router1(config-line)#transport input ssh

The “privilege 15” in the username command ensures the user is always logged in to privileged mode. The word “secret” instead of “password” stores the password in encrypted format.
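
To check a saved running-config against the settings used in the two listings above, here is an added example (not part of the original post). The sample config is constructed, and the function name audit_ssh_config and the extra user admin are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt (not captured from a real device); it
# mirrors the first listing, with telnet also allowed on the vty lines.
SAMPLE_CONFIG = """\
hostname Router1
ip domain-name websistent.com
username jesin password 7 CONSTRUCTED-TYPE7-STRING
username admin privilege 15 secret 5 CONSTRUCTED-MD5-HASH
line con 0
line vty 0 4
 login local
 transport input ssh telnet
line vty 5 15
 transport input ssh
"""

def audit_ssh_config(config):
    """Return a list of findings for the SSH settings this article covers."""
    findings = []
    lines = config.splitlines()

    host = re.search(r"^hostname (\S+)", config, re.M)
    if not host or host.group(1) == "Router":
        findings.append("hostname is unset or still the default 'Router'")
    if not re.search(r"^ip domain-name \S+", config, re.M):
        findings.append("ip domain-name is not set")

    # 'username X password ...' is stored in clear text or as reversible type 7.
    for m in re.finditer(r"^username (\S+) (?:privilege \d+ )?password\b", config, re.M):
        findings.append(f"user {m.group(1)}: uses 'password', not 'secret'")

    # Walk each 'line vty' block; indented lines belong to the block above them.
    for i, line in enumerate(lines):
        if not line.startswith("line vty"):
            continue
        block = []
        for sub in lines[i + 1:]:
            if not sub.startswith(" "):
                break
            block.append(sub.strip())
        transport = [b for b in block if b.startswith("transport input")]
        if not transport or transport[0].split()[2:] != ["ssh"]:
            findings.append(f"{line}: transport input is not ssh-only")
        if "login local" not in block:
            findings.append(f"{line}: missing 'login local'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh_config(SAMPLE_CONFIG)))
```

An empty list means every vty line accepts SSH only with local usernames, and all local users are defined with the secret keyword.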

To connect using SSH on Windows, download PuTTY. Open it, enter your router’s IP address or hostname and click connect. The first time, you’ll see an alert message like the one below.

[Figure: PuTTY SSH alert. The first time you connect with SSH you'll see this warning.]

Click “Yes”, enter your username and password and start managing your router. On Linux systems the SSH client is installed along with the OS, so just use the following command.

ssh username@hostname-or-ip-address


Tags: cisco, ssh

Comments

  1. Logan says

    February 4, 2017 at 7:13 pm

    It may be six years after your post was made, but this was the exact information I was looking for. Thanks


    Jesin's Blog by Jesin A is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
    Based on a work at websistent.com.