8 steps to configure SSH on a Cisco router or switch

You have a Cisco router or switch. You read my post: How to connect to a Cisco router via the console cable and now you are connected to the device. You realize that it is not very comfortable to connect to your Cisco toy with the console cable every time you want to manage it. You ask yourself if there is any other method you can use to connect to your device, but without the need of a separate cable. And the answer is yes, there is a different method you can use. You can use the SSH protocol for managing your Cisco device.

Gulian Technology

In this post, I would like to show you the steps you need to take in order to configure SSH and manage your device via this protocol.

1. Connect your Cisco router to the network and assign an IP address to one of its interfaces

In order to be able to manage your device through SSH, first you need to connect your Cisco router or switch to the network using a UTP cable and assign an IP address to the interface that is connected to your LAN.

Router>
Router>en
Router#conf term
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int vlan 1
Router(config-if)#ip address 172.16.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
Configure an IP address to the Cisco router/ switch interface

2. Configure a password for access to Privileged mode

Next, you will need to add a password to protect the access to the Privileged mode. In this mode you can change the configuration of the device. This is why it needs to be protected. You don’t want to find out one day that your device does not have a configuration anymore.

Router(config)#enable secret cisco123

Choose a strong password that you can remember. In my lab, I use cisco123.

3. Add a local user account and specify a password

After you have protected the access to the Privileged mode, you need to define a local account and specify a password for it. You will use this account for accessing the Cisco router or switch through SSH.

Router(config)#username petru secret cisco123
Add a local user account and a password for it

4. Configure the VTY lines

Now it is time to configure the VTY lines. You will connect to the router or switch through these lines.

Router(config)#line vty ?
  <0-193>  First Line number

Router(config)#line vty 0 15
Router(config-line)#login local
Router(config-line)#trans
Router(config-line)#transport ?
  input      Define which protocols to use when connecting to the terminal
             server
  output     Define which protocols to use for outgoing connections
  preferred  Specify the preferred protocol to use

Router(config-line)#transport in
Router(config-line)#transport input ?
  all     All protocols
  none    No protocols
  pad     X.3 PAD
  rlogin  Unix rlogin protocol
  ssh     TCP/IP SSH protocol
  telnet  TCP/IP Telnet protocol
  udptn   UDPTN async via UDP protocol

Router(config-line)#transport input ssh
Router(config-line)#                   
Configure the VTY lines

5. Configure the router hostname

You now need to give your router or switch a name. This way you will be able to identify it.

Router(config)#hostname R1

6. Configure the domain name

After you have given your router or switch a name, you need to specify the domain name. Based on the router/switch name and this domain, a private and public key will be generated in the next step.

R1(config)#ip domain name gulian.uk
Configure the name of the router and the domain name

7. Generate the crypto keys

After you have specified the domain name, you need to generate the keys that will be used with SSH. The command below generates an RSA private key and a public key.

R1(config)#crypto key generate rsa modulus ?
  <360-2048>  size of the key modulus [360-2048]

R1(config)#crypto key generate rsa modulus 1024
The name for the keys will be: R1.gulian.uk

% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

R1(config)#
Generate the RSA keys

8. Specify the SSH version

Finally, you need to specify the SSH version that will be used. It is recommended to use SSH version 2.

R1(config)#ip ssh version ?
  <1-2>  Protocol version

R1(config)#ip ssh version 2
R1(config)#
Specify the SSH version

9. Connect to the router through SSH

It is time to verify the connection to the router or switch via SSH.

As you can see, there are no SSH connections at this point in time.

No SSH connection

You need to run a similar command in order to connect to your router or switch via SSH. Adjust the command according to your environment.

ssh -l petru 172.16.10.1
Checking the SSH connection

As you can see, the connection was successful. You achieved your end goal. You can manage your device through the network.

I hope you find this post useful. Share it on your social media channels so that other people can read it too.
