How to configure SSH on a Cisco router?

Configuring SSH (Secure Shell) on a Cisco router is crucial for securing remote access to the device. Follow these step-by-step instructions to securely configure SSH on your Cisco router.

Step 1: Domain configuration

Before configuring SSH, set up the domain name on your Cisco router.

This step is necessary for RSA key generation.

Use the following command to set the domain name:

Router(config)# ip domain-name <votre_domaine.com>

Be sure to replace <votre_domaine.com> with the domain name of your network.

Step 2: RSA key generation

Once the domain name has been set up, generate RSA keys on your Cisco router.

These keys are essential to secure communications between devices.

To generate RSA keys, use the following command:

Router(config)# crypto key generate rsa

When prompted, choose the RSA key size in bits according to your security needs.

Step 3: Create a user

To use SSH, you need a user configured on the router with the appropriate privileges.

If you don’t already have a user configured, use the following command to create one:

Router(config)# username <nom_utilisateur> privilege 15 secret <mot_de_passe>

Be sure to replace <nom_utilisateur> with the username of your choice and <mot_de_passe> with the desired password.

Step 4: Configure SSH parameters

Enter VTY line configuration mode to restrict remote access on the VTY lines to SSH.

Use the following commands:

Router(config)# line vty 0 4
Router(config-line)# transport input ssh
Router(config-line)# login local

These commands specify that SSH will be used to access VTY lines, and that authentication will be carried out locally using the user information configured previously.

Step 5: Enable SSH

Activate the SSH service on the router using the following commands:

Router(config)# ip ssh version 2
Router(config)# ip ssh time-out 120
Router(config)# ip ssh authentication-retries 3

These commands enable SSH version 2 for security reasons, set a 120-second time limit for the SSH negotiation phase, and allow 3 authentication attempts before the connection is closed.

Step 6: Check the configuration

Check the SSH configuration using the following command:

Router# show ip ssh

Make sure SSH is enabled and working properly on your Cisco router.

Step 7: Access the router via SSH

Once SSH configuration is complete, you can access the router via SSH using an SSH client such as PuTTY on Windows or Terminal on macOS/Linux. Make sure you use the router’s IP address and default SSH port (22).

Use the following command on your client machine to connect to the router via SSH:

ssh <nom_utilisateur>@<adresse_IP_routeur>

Be sure to replace <nom_utilisateur> with the username you have configured and <adresse_IP_routeur> with the IP address of the Cisco router.

By following these steps, you have now successfully configured SSH on your Cisco router, reinforcing your network security.
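
As an added example (not part of the original guide and not a Cisco tool), the Python script below audits a saved running-config for the settings from Steps 1 to 5. The sample configuration, its hostname and the finding messages are constructed for illustration, and the script assumes local authentication without AAA, as in Step 4.

```python
import re

# Constructed sample running-config excerpt; the second VTY range was left un-hardened.
SAMPLE_CONFIG = """\
hostname R1
ip domain-name example.com
username admin privilege 15 secret 9 $9$constructed-hash
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

# Global commands from Steps 1, 3 and 5 (RSA keys are not part of the config text).
REQUIRED_GLOBAL = [
    (r"^ip domain[- ]name \S+", "Step 1: no domain name configured"),
    (r"^username \S+ .*\bsecret\b", "Step 3: no local user with a hashed secret"),
    (r"^ip ssh version 2\s*$", "Step 5: SSH version 2 not enforced"),
]

def vty_blocks(config):
    """Map each 'line vty' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # any non-indented line ends the VTY section
    return blocks

def audit_ssh(config):
    """Return a list of deviations from the settings in Steps 1 to 5."""
    findings = [msg for pattern, msg in REQUIRED_GLOBAL
                if not re.search(pattern, config, re.MULTILINE)]
    blocks = vty_blocks(config)
    if not blocks:
        findings.append("Step 4: no 'line vty' section found")
    for header, commands in blocks.items():
        if "transport input ssh" not in commands:
            findings.append(f"Step 4: {header} is not restricted to SSH")
        if "login local" not in commands:
            findings.append(f"Step 4: {header} does not use local authentication")
    return findings
```

Calling audit_ssh(SAMPLE_CONFIG) reports the second VTY range (5 15), which Step 4's `line vty 0 4` does not cover and which still accepts Telnet in the sample.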
