Enabling SSH on Cisco IOS


Enabling SSH on Cisco IOS is a secure way to remotely access and manage your network device. SSH encrypts the management session, so credentials and commands are not sent across the network in clear text as they are with Telnet. In this post, we will walk you through the steps to enable SSH on a Cisco switch. The process is the same across all devices running Cisco IOS, so you can use the same steps to set up SSH on routers as well.

Before we start, make sure you have access to the switch over Telnet or a console connection, and that you have administrative privileges. But let’s get something straight—friends don’t let friends use Telnet…so get your console cable, head to the device, and get up close and personal.

Step 1: Configure the hostname and domain name

First, you need to configure the hostname and domain name on the switch. Use the following commands to set the hostname and domain name:

Switch# configure terminal 

Switch(config)# hostname [hostname] 

Switch(config)# ip domain-name [domain name]

Replace [hostname] with the name of your switch and [domain name] with your domain name.

Step 2: Create a local user and password

Switch(config)# username [username] secret [secret]

Replace [username] with the name of the user to add to the local database and [secret] with that user's password. A password can also be set for the user with the command Switch(config)# username [username] password [password], but doing so is ill-advised: passwords are saved in the system configuration as plain text, whereas a secret is stored as a hash, making it marginally safer against the casual shoulder surfer.

Step 3: Generate RSA keys

Next, generate RSA keys that will be used for secure communication. Use the following command to generate the RSA keys:

Switch(config)# crypto key generate rsa modulus 2048

This command generates RSA keys with a modulus of 2048 bits. You can set the modulus to a different value if you like, but there is a trade-off to make: the higher the number, the more secure the encryption, but the longer the computation takes and the more CPU-intensive it is.

Step 4: Configure the SSH version and authentication

Now, configure the SSH version and authentication settings on the switch. Use the following command to enable SSH version 2.

Switch(config)# ip ssh version 2 

Step 5: Configure the SSH access

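Finally, configure the SSH access on the switch. Use the following commands to accept only SSH on the virtual terminal (vty) lines and to authenticate logins against the local user database from Step 2. Note that these commands do not filter by source IP address or subnet: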

Switch(config)# line vty 0 15 

Switch(config-line)# transport input ssh 

Switch(config-line)# login local

Step 6: Save the configuration

After completing the above steps, save the configuration using the following command:

Switch(config-line)# end

Switch# copy running-config startup-config

This command saves the configuration to the startup configuration file.
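
To check that a saved configuration really contains the settings from the steps above, here is an added example (not part of the original post): a small Python audit of a running-config export. The sample configuration is constructed, and the function name audit is an assumption of this example.

```python
import re

# Constructed sample running-config with two deliberate weaknesses.
SAMPLE_CONFIG = """\
hostname SW1
ip domain-name example.com
username admin secret 9 $9$constructedhash
username backup password 0 Winter2024
ip ssh version 2
line con 0
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login
"""

def audit(config):
    """Return findings for Steps 1, 2, 4 and 5 (RSA keys are not in the config)."""
    findings = []
    lines = config.splitlines()
    top = [l for l in lines if l and not l.startswith(" ")]
    for needed in ("hostname ", "ip domain-name ", "ip ssh version 2"):
        if not any(l.startswith(needed) for l in top):
            findings.append("missing: " + needed.strip())
    for l in top:
        m = re.match(r"username (\S+) (?:privilege \d+ )?password\b", l)
        if m:
            findings.append("user %s uses 'password' instead of 'secret'" % m.group(1))
    # Collect the indented sub-commands under each "line vty" block.
    block, vty = None, {}
    for l in lines:
        if not l.startswith(" "):
            block = l if l.startswith("line vty") else None
            if block:
                vty[block] = []
        elif block:
            vty[block].append(l.strip())
    for name, cmds in vty.items():
        if "transport input ssh" not in cmds:
            findings.append(name + ": transport input is not SSH-only")
        if "login local" not in cmds:
            findings.append(name + ": 'login local' not set")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The sample shows why covering only part of the vty range matters: lines 5 to 15 still accept Telnet even though lines 0 to 4 are locked down.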

TLDR:

By following the steps outlined in this post, you ensure secure remote access to your Cisco IOS device.

Thanks for reading, and happy networking!