
How to configure SSH on Cisco switch or Router

Configuring SSH on Cisco switch: SSH is a protocol that provides a secure, remote connection to a device. SSH provides more security for remote connections than Telnet does by providing strong encryption when a device is authenticated. This software release supports SSH Version 1 (SSHv1) and SSH Version 2 (SSHv2).

Configuration Guidelines

Follow these guidelines when configuring the switch as an SSH server or SSH client:

1. An RSA key pair generated by an SSHv1 server can be used by an SSHv2 server, and the reverse.
2. If the SSH server is running on a stack master and the stack master fails, the new stack master uses the RSA key pair generated by the previous stack master.
3. If you get CLI error messages after entering the crypto key generate rsa global configuration command, an RSA key pair has not been generated. Reconfigure the hostname and domain, and then enter the crypto key generate rsa command. For more information, see the "Setting Up the Switch to Run SSH" section.
4. When generating the RSA key pair, the message No host name specified might appear. If it does, you must configure a hostname by using the hostname global configuration command.
5. When generating the RSA key pair, the message No domain specified might appear. If it does, you must configure an IP domain name by using the ip domain-name global configuration command.
6. When configuring the local authentication and authorization authentication method, make sure that AAA is disabled on the console.

The configuration steps:

1. Setup Management IP

First, make sure you have performed basic network configurations on your switch. For example, assign default gateway, assign management ip-address, etc. If this is already done, skip to the next step. In the following example, the management ip address is set as 192.168.101.2 in the 101 VLAN. The default gateway points to the firewall, which is 192.168.101.1

    # ip default-gateway 192.168.101.1

    # interface vlan 101
    (config-if)# ip address 192.168.101.2 255.255.255.0

2. Set hostname and domain-name

Next, make sure the switch has a hostname and domain-name set properly.

    # config t
    (config)# hostname myswitch
    (config)# ip domain-name thegeek

3. Generate the RSA Keys

The switch or router should have RSA keys that it will use during the SSH process. So, generate these using crypto command as shown below.

    myswitch(config)# crypto key generate rsa
    The name for the keys will be: myswitch.thegeek
    Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

Also, if you are running on an older Cisco IOS image, it is highly recommended that you upgrade to latest Cisco IOS.

4. Setup the Line VTY configurations

Setup the following line vty configuration parameters, where input transport is set to SSH. Set the login to local, and password to 7.

    # line vty 0 4
    (config-line)# transport input ssh
    (config-line)# login local
    (config-line)# password 7
    (config-line)# exit

If you have not set the console line yet, set it to the following values.

    # line console 0
    (config-line)# logging synchronous
    (config-line)# login local

5. Create the username password

If you don't have a username created already, do it as shown below.

    myswitch# config t
    Enter configuration commands, one per line.  End with CNTL/Z.

    myswitch(config)# username ramesh password mypassword

Note: If you don't have the enable password setup properly, do it now.

    myswitch(config)# enable secret myenablepassword

Make sure the password-encryption service is turned on, which will encrypt the password, and when you do "sh run", you'll see only the encrypted password and not the clear-text password.

    myswitch(config)# service password-encryption

6. Verify SSH access

From the switch, if you do 'sh ip ssh', it will confirm that SSH is enabled on this Cisco device.

    myswitch# sh ip ssh
    SSH Enabled - version 1.99
    Authentication timeout: 120 secs; Authentication retries: 3

After the above configurations, login from a remote machine to verify that you can ssh to this Cisco switch. In this example, 192.168.101.2 is the management ip-address of the switch.

    remote-machine# ssh 192.168.101.2
    login as: ramesh
    Using keyboard-interactive authentication.
    Password:
    myswitch>en
    Password:
    myswitch#
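An added example, not part of the original article: a small Python audit that reads a saved running-config and reports which of the steps above are missing or incomplete. The names `SAMPLE_CONFIG`, `REQUIRED`, `parse_sections` and `audit_ssh` are illustrative; the sample config is constructed from the page's values, and the `line vty 5 15` block and the `ip ssh version 2` check are assumptions added here (many switches carry vty lines beyond 0 4, and `version 1.99` in `sh ip ssh` means SSHv1 is still accepted).

```python
import re

# Constructed running-config (page's values, hashes elided, extra vty block).
SAMPLE_CONFIG = """\
service password-encryption
hostname myswitch
enable secret 5 <hash>
username ramesh password 7 <hash>
ip domain-name thegeek
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

REQUIRED = {  # label -> regex that some top-level config line must match
    "hostname": r"hostname \S+",
    "domain name": r"ip domain[- ]name \S+",
    "enable secret": r"enable secret ",
    "local user": r"username \S+ ",
    "password-encryption": r"service password-encryption$",
    "SSHv2-only ('ip ssh version 2')": r"ip ssh version 2$",
}

def parse_sections(config):
    """Map each top-level line to the list of its indented child lines."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if not raw.startswith(" "):
            current = sections.setdefault(raw.strip(), [])
        elif current is not None:
            current.append(raw.strip())
    return sections

def audit_ssh(config):
    """Return findings for the SSH setup steps described on this page."""
    sections = parse_sections(config)
    findings = [f"missing {label}" for label, pat in REQUIRED.items()
                if not any(re.match(pat, top) for top in sections)]
    for head, body in sections.items():
        if head.startswith("line vty"):
            # An exact match is required, so "telnet ssh" is also flagged.
            for needed in ("transport input ssh", "login local"):
                if needed not in body:
                    findings.append(f"{head}: missing '{needed}'")
    return findings
```

Calling `audit_ssh(SAMPLE_CONFIG)` flags the unconfigured `line vty 5 15` block and the absence of `ip ssh version 2`; feed it the text of `sh run` saved from the device to check a real configuration.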
