How To Configure SSH On Cisco Routers

SSH (Secure Shell) is used to access a router remotely from any location. SSH uses the RSA algorithm to secure terminal access, which Telnet does not provide. SSH uses port 22 and runs over TCP at the transport layer.

Requirements To Enable SSH on a Router:

  1. The router must be configured with an enable-mode password. The password can be plain text or encrypted. An encrypted password is recommended.
    Use one of the commands below to configure the enable-mode password on a router – 
    R1(config)#enable password <cisco>
    (or)
    R1(config)#enable secret <cisco>
  2. A hostname must be assigned to the router with the command below – 
    R1(config)#hostname MY_ROUTER
  3. A domain name must be configured – 
    MY_ROUTER(config)#ip domain name <cisco.com>
  4. A local username and password must be configured – 
    MY_ROUTER(config)#username <user> password <password>
  5. A crypto key must be generated to enable SSH –
    MY_ROUTER(config)#crypto key generate rsa
    (The key modulus must be between 360 and 2048 bits. Larger values may be available depending on the model.)

You are now ready to allow SSH access on the router's virtual terminal (vty) lines. To do this, use the commands below – 

MY_ROUTER(config)#line vty 0 4
MY_ROUTER(config-line)#login local
MY_ROUTER(config-line)#exit
MY_ROUTER(config)#


The full command sequence is shown below as an example. Here I have used 123456 as the enable-mode password, R1 as the router hostname, and user and 123 as the local username and password. The domain name is cisco.com. An RSA key with a 1024-bit modulus is generated, and SSH is permitted on line vty with local login.

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#username user password 123
R1(config)#enable password 123456
R1(config)#ip domain name cisco.com
R1(config)#crypto key generate rsa
% You already have RSA keys defined named MY_ROUTER.cisco.com .
% Do you really want to replace them? [yes/no]: yes
The name for the keys will be: R1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

R1(config)#line vty 0 4
*Mar 1 0:1:31.14: %SSH-5-ENABLED: SSH 1.99 has been enabled
R1(config-line)#login local
R1(config-line)#exit
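
The session above leaves the enable and user passwords unhashed, never restricts the vty lines to SSH, and reports "SSH 1.99", meaning SSHv1 clients are still accepted. The following audit script is an added example, not part of the original walkthrough; both sample configurations are constructed, and the function names audit_ssh_config and vty_blocks are hypothetical.

```python
import re

# Constructed sample: roughly the running-config the walkthrough above leaves behind.
WALKTHROUGH_CONFIG = """\
hostname R1
enable password 123456
username user password 0 123
line vty 0 4
 login local
"""

# Constructed sample: same router with stricter settings (hashes are placeholders).
HARDENED_CONFIG = """\
hostname R1
enable secret 5 <hash-placeholder>
username user secret 5 <hash-placeholder>
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""

def vty_blocks(lines):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in lines:
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None
    return blocks

def audit_ssh_config(config):
    """Return a list of findings for SSH-related weaknesses in a running-config."""
    lines, findings = config.splitlines(), []
    if any(l.startswith("enable password") for l in lines):
        findings.append("enable password: use 'enable secret' so the password is hashed")
    for l in lines:
        m = re.match(r"username (\S+) (?:privilege \d+ )?password\b", l)
        if m:
            findings.append(f"username {m.group(1)}: use 'secret' instead of 'password'")
    if not any(l.startswith("ip ssh version 2") for l in lines):
        findings.append("ip ssh version 2 missing: SSH 1.99 still accepts SSHv1 clients")
    for header, body in vty_blocks(lines).items():
        if "transport input ssh" not in body:
            findings.append(f"{header}: add 'transport input ssh' so Telnet is refused")
    return findings
```

Running audit_ssh_config on WALKTHROUGH_CONFIG returns four findings, and on HARDENED_CONFIG it returns an empty list.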