Monday, December 20, 2010

How to enable SSH on Cisco switch or router?

This quick tutorial shows how to enable SSH on Cisco switches and routers. Make sure your IOS image supports crypto; otherwise SSH will not be available. The easy way to check is to see whether the IOS image name contains k9, e.g. c3560-advipservicesk9-mz.122-46.se.bin.
1. Go to global configuration mode and configure a Hostname and Domain name:
 Switch#config t
 Switch(config)#hostname MyHostname
 Switch(config)#ip domain-name MyDomainName
2. Generate RSA key pair:
 Switch(config)#crypto key generate rsa
 The name for the keys will be: MyHostname.MyDomainName
 Choose the size of the key modulus in the range of 360 to 2048 for your
 General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
 How many bits in the modulus [512]: 1024
 Generating RSA keys ...
 [OK]
 01:43:17: %SSH-5-ENABLED: SSH 1.99 has been enabled
3. At this point SSH has been enabled and is ready to use. Now you need to allow SSH connections to be accepted by a switch or a router:
 Switch(config)#line vty 0 15
 Switch(config-line)#transport input ssh
4. Save the configuration. SSH is now the only way to connect remotely to your switch or router.
 Switch#copy running-config startup-config
Here are some other useful commands for SSH:
This command sets the time-out period (in seconds) after which the SSH session will be terminated:
 Switch(config)#ip ssh time-out 120
This command sets the maximum number of login attempts to 5:
 Switch(config)#ip ssh authentication-retries 5
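To confirm the steps above took effect, the following added example (not part of the original tutorial) audits a saved running-config for the settings configured here. The sample config is constructed, the function names are hypothetical, and the check for `ip ssh version 2` goes beyond the tutorial's steps: the "SSH 1.99" log message means the server still accepts SSHv1 clients until that command is set.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname MyHostname
ip domain-name MyDomainName
ip ssh time-out 120
ip ssh authentication-retries 5
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_transports(config):
    """Map each 'line vty' header to its transport input protocols (None if unset)."""
    result, current = {}, None
    for raw in config.splitlines():
        if raw and not raw[0].isspace():      # any top-level line closes the vty block
            is_vty = re.match(r"line vty \d+(?: \d+)?\s*$", raw)
            current = raw.strip() if is_vty else None
            if current:
                result[current] = None
        elif current:
            m = re.match(r"\s+transport input (.+)$", raw)
            if m:
                result[current] = m.group(1).split()
    return result

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("ip domain-name not set (needed to name the RSA key pair)")
    for header, protos in vty_transports(config).items():
        if protos != ["ssh"]:                 # telnet, all, or no explicit setting
            shown = " ".join(protos) if protos else "unset"
            findings.append(f"{header}: transport input is '{shown}', expected 'ssh' only")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("ip ssh version 2 not set (SSH 1.99 also accepts SSHv1 clients)")
    for setting in ("time-out", "authentication-retries"):
        if not re.search(rf"^ip ssh {setting} \d+", config, re.M):
            findings.append(f"ip ssh {setting} left at its default")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print("FINDING:", finding)
```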
