
Cisco SSH

This document provides instructions on configuring SSH on Cisco devices. It explains that SSH gives encrypted access to a device's command line interface over TCP port 22 and notes that a crypto IOS feature set is required. It then outlines the steps to configure SSH: setting the hostname, domain name and time, generating the SSH keys with the crypto key generate rsa command, and enabling SSH transport on the vty lines with the transport input ssh command. It also provides examples for checking the SSH configuration and keys.

Uploaded by jayarajan
Copyright: © Attribution Non-Commercial (BY-NC)
What is SSH?

SSH stands for Secure Shell.
SSH is an encrypted way of accessing the command line interface of a device. It is like an encrypted Telnet.
SSH should ALWAYS be used over a public connection or a private network that is capable of being sniffed.
SSH uses TCP Port 22.

Ensure you have a Crypto IOS Feature Set

You need a crypto IOS feature set in order to use SSH.
Newer IOS has it installed by default.
Older IOS will need the specific crypto image.
To check, see if the crypto commands are available:

    Router#show crypto ?

If you get an error, Crypto is not enabled on your version of IOS.

Configuring SSH on Cisco Devices

Step 1 - Set the Host Name

The hostname needs to be set on the device as this is a part of the certificate.
Use the command:

    Router(config)#hostname MyRouterName

Where MyRouterName is the name of your router.

Step 2 - Set the Domain

The domain is also required for the certificate generation.
Use the command:

    Router(config)#ip domain-name mindcert.com

Replace mindcert.com with your domain name.

Step 3 - Ensure the time is correct

The key is generated with a timestamp, so ensure the time is set correctly on the device.
Check the current time:

    Router#show clock

Change the time:

    Router#clock set hh:mm:ss day month year

Give the time in the format of 09:00:00 for 0900; the command also takes the date.

Step 4 - Generate the SSH keys

Now that the settings are all configured, you can generate the SSH keys on the device.
These are the keys that are used to encrypt the traffic.
Use the command:

    Router(config)#crypto key generate rsa

You are asked to confirm the key size.
The default is 512 bits.
768 or 1024 is recommended.
Some client SSH software requires a minimum of 768 bits.
I would always recommend using 1024 bits.

Step 5 - Enable SSH transport

Now that SSH is configured, it needs to be enabled so that you can use it.
SSH is enabled on the line interfaces, similar to Telnet.

    Router#conf t
    Router(config)#line vty 0 4

Enable SSH with the command:

    Router(config-line)#transport input ssh

This enables SSH on the terminal lines.
Note, this command also disables Telnet.
You then need to SSH to the device instead of using Telnet.

SSH Show Commands

There are two main commands to check SSH.

    Router#show ssh

You can check the SSH configuration.

    Router#show crypto key mypubkey rsa

You can check the configuration of the RSA key.
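
One way to check a saved running-config against Steps 1, 2 and 5 above, as an added example that is not part of the original document. The sample configuration is constructed and the function names are hypothetical; a vty block with no transport input line is treated as not SSH-only, which is an assumption of this example. The RSA key from Step 4 is not stored in the running-config, so it is still checked with the show commands.

```python
import re

# Constructed sample running-config excerpt (not from the original page).
SAMPLE_CONFIG = """\
hostname MyRouterName
ip domain-name mindcert.com
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
end
"""

def vty_blocks(config):
    """Yield (header, sub-commands) for each 'line vty' block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith(" ") and header:
            body.append(raw.strip())
            continue
        if header:                      # an unindented line ends the block
            yield header, body
        header, body = (raw.strip(), []) if raw.startswith("line vty") else (None, [])
    if header:
        yield header, body

def audit_ssh_config(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    host = re.search(r"^hostname (\S+)", config, re.M)
    if not host or host.group(1) == "Router":   # "Router" is the IOS default name
        findings.append("Step 1: hostname not set")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("Step 2: ip domain-name not set")
    blocks = list(vty_blocks(config))
    if not blocks:
        findings.append("Step 5: no 'line vty' block found")
    for header, body in blocks:
        transports = [c for c in body if c.startswith("transport input")]
        if transports != ["transport input ssh"]:   # assumption: anything else fails
            seen = ", ".join(transports) or "no transport input line"
            findings.append(f"Step 5: {header} is not SSH-only ({seen})")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
```

In the constructed sample, vty lines 0 to 4 pass while lines 5 to 15 are reported because Telnet is still accepted there, a gap that is easy to leave when only `line vty 0 4` is configured.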
