Thursday, October 6, 2011

SSH on CISCO Router

Here are the steps required to install SSH on a Cisco Router:
First, you need to determine if you have the required IOS: IOS images with "K9" in the name will do. Not all routers support SSH. I am using the 2600 series.
Second, log into your router and give it a host name with:

hostname R1

You will also need to configure a domain name:

ip domain name your-domain.com

Then use ip ssh to change the version to 2 if possible. You will not always be able to rely on SSH v2, but even version 1 will provide substantially better protection than Telnet:

ip ssh version 2

Once you have that done, go ahead and enter:

crypto key generate rsa

You are then prompted to choose how many bits the keys will be, anywhere between 360 and 2048. I choose 1024 since it is very secure and the router can create the key quickly. The default is 512.
The final step is to create a user for SSH login and secure the vty lines:

username yourusername privilege 15 password yoursupersecretpassword

R1(config)#line vty 0 ?
  <1-181>  Last Line number
  <cr>

R1(config)#line vty 0 181
R1(config-line)#login local
R1(config-line)#transport input ssh
R1(config-line)#exit
R1(config)#exit


That is pretty much it! You can now log in through PuTTY or other SSH clients.


