
How to configure SSH server in Cisco Router

The following steps explain how to configure an SSH server on a Cisco router. Please refer to the image below.

[Image: cisco-router-ssh-server.gif]

Step 1 - Configure an IP address on the selected interface of the Cisco router, if it does not already have one.


R1#configure terminal
R1(config)#interface gigabitEthernet 1/0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#exit
R1#


Step 2 - Configure a hostname and domain name for the Cisco router as shown below. The hostname and domain name are required to associate the crypto keys with the Cisco router.


R1#configure terminal
R1(config)#hostname OMNISECU-ROUTER-1
OMNISECU-ROUTER-1(config)#exit
OMNISECU-ROUTER-1#



OMNISECU-ROUTER-1#configure terminal
OMNISECU-ROUTER-1(config)#ip domain-name omnisecu.pvt
OMNISECU-ROUTER-1(config)#exit
OMNISECU-ROUTER-1#


Step 3 - Generate an RSA encryption key pair. Here I have selected a modulus of 2048. The larger the modulus, the stronger the encryption, but a larger modulus also requires more computing resources.


OMNISECU-ROUTER-1#configure terminal
OMNISECU-ROUTER-1(config)#crypto key generate rsa modulus 2048
The name for the keys will be: OMNISECU-ROUTER-1.omnisecu.pvt
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
OMNISECU-ROUTER-1(config)#
*Jul 27 05:36:38.511: %SSH-5-ENABLED: SSH 1.99 has been enabled
OMNISECU-ROUTER-1(config)#exit
OMNISECU-ROUTER-1#


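Step 4 - Select an SSH version. Always remember to select SSH version 2. The "SSH 1.99" log message in Step 3 means the router accepts both SSH version 1 and version 2 connections until version 2 is set explicitly.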


OMNISECU-ROUTER-1#
OMNISECU-ROUTER-1#configure terminal
OMNISECU-ROUTER-1(config)#ip ssh version 2
OMNISECU-ROUTER-1(config)#exit
OMNISECU-ROUTER-1#


Step 5 - Create a local username with a privilege level and an associated password for logging in to the Cisco router.


OMNISECU-ROUTER-1#configure terminal
OMNISECU-ROUTER-1(config)#username jajish privilege 15 secret omnisecu
OMNISECU-ROUTER-1(config)#exit
OMNISECU-ROUTER-1#


Step 6 - Instruct the Cisco router to use SSH instead of Telnet, set a privilege level for users logging in via SSH, and use the local user database for authentication.


OMNISECU-ROUTER-1#configure terminal
OMNISECU-ROUTER-1(config)#line vty 0 15
OMNISECU-ROUTER-1(config-line)#transport input ssh
OMNISECU-ROUTER-1(config-line)#privilege level 15
OMNISECU-ROUTER-1(config-line)#login local
OMNISECU-ROUTER-1(config-line)#exit
OMNISECU-ROUTER-1(config)#exit
OMNISECU-ROUTER-1#
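
As an added example (not part of the original tutorial), the Python script below audits a saved running-config for the settings that Steps 2 to 6 apply. The sample configuration is constructed, the secret hash is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample: the running-config lines the six steps above would leave
# behind (secret hash replaced by a placeholder), not captured from a device.
SAMPLE_CONFIG = """\
hostname OMNISECU-ROUTER-1
ip domain-name omnisecu.pvt
username jajish privilege 15 secret 5 <hash-placeholder>
ip ssh version 2
line vty 0 4
 transport input ssh
 privilege level 15
 login local
line vty 5 15
 transport input ssh
 privilege level 15
 login local
"""

def vty_blocks(config):
    """Return {header: [sub-commands]} for every 'line vty' section."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other unindented line ends the section
    return blocks

def audit_ssh(config):
    """List findings where the config deviates from Steps 2 to 6."""
    findings = []
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    if not any(l.startswith("hostname ") for l in top):
        findings.append("no hostname set (Step 2)")
    if not any(re.match(r"ip domain[- ]name \S+", l) for l in top):
        findings.append("no domain name set (Step 2)")
    if "ip ssh version 2" not in top:
        findings.append("SSH not restricted to version 2 (Step 4)")
    if any(re.match(r"username \S+ .*\bpassword\b", l) for l in top):
        findings.append("username uses 'password' instead of 'secret' (Step 5)")
    for header, cmds in vty_blocks(config).items():
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: transport input is not ssh-only (Step 6)")
        if "login local" not in cmds:
            findings.append(f"{header}: login local missing (Step 6)")
    return findings
```

An empty list from `audit_ssh` means every check passed; each finding names the step that needs to be revisited.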

