Thursday, December 15, 2016

Enabling SSH on Cisco Routers / Switches for Local Users

A basic yet useful note, so I made a post for my future reference. The following commands are entered in global configuration mode.


1. Configure Domain name
Without a domain name, the router will not be able to generate an RSA key.
R(config)#ip domain name roshanznet.local

2. Generate Crypto keys
This generates the key pairs used for encryption and decryption of data. Keys of 1024 bits will be enough and are processor friendly.
R(config)#crypto key generate rsa

3. Enable SSH v2
This enables SSH version 2, the more advanced and widely used version of SSH.
R(config)#ip ssh version 2

4. Create Local User Accounts
These will be used as login credentials.
R(config)#username roshan privilege 15 password cisco

5. Allow SSH on vty
These commands define the input type for the vty lines and use the local user database for login.
R(config)#line vty 0 4
R(config-line)#transport input ssh
R(config-line)#login local

Because the keys are generated by the router itself, the terminal client will show this error when you try to connect. Hit yes and you are in.

Note: The default device name "Router" has to be changed before RSA keys can be generated.
