How to configure SSH on a Cisco router?

Configuring SSH (Secure Shell) on a Cisco router is crucial for securing remote access to the device. Follow these step-by-step instructions to securely configure SSH on your Cisco router.

Step 1: Domain configuration

Before configuring SSH, set up the domain name on your Cisco router.

This step is necessary for RSA key generation.

Use the following command to set the domain name:

Router(config)# ip domain-name <>

Be sure to replace <> with the domain name of your network.

Step 2: RSA key generation

Once the domain name has been set up, generate RSA keys on your Cisco router.

These keys are essential to secure communications between devices.

To generate RSA keys, follow these steps:

Router(config)# crypto key generate rsa

When prompted, choose the RSA key size in bits according to your security needs.

Step 3: Create a user

To use SSH, you need a user configured on the router with the appropriate privileges.

If you don’t already have a user configured, use the following command to create one:

Router(config)# username <nom_utilisateur> privilege 15 secret <mot_de_passe>

Be sure to replace <nom_utilisateur> with the username of your choice and <mot_de_passe> with the desired password.

Step 4: Configure SSH parameters

Access VTY line configuration mode to configure SSH for VTY line access.

Use the following commands:

Router(config)# line vty 0 4
Router(config-line)# transport input ssh
Router(config-line)# login local

These commands specify that SSH will be used to access VTY lines, and that authentication will be carried out locally using the user information configured previously.

Step 5: Enable SSH

Activate the SSH service on the router using the following commands:

Router(config)# ip ssh version 2
Router(config)# ip ssh time-out 120
Router(config)# ip ssh authentication-retries 3

These commands activate SSH version 2 for security reasons, set a time limit of 120 seconds and specify the number of authentication attempts before the user is blocked.

Step 6: Checking the configuration

Check the SSH configuration using the following command:

Router# show ip ssh

Make sure SSH is enabled and working properly on your Cisco router.

Step 7: Access the router via SSH

Once SSH configuration is complete, you can access the router via SSH using an SSH client such as PuTTY on Windows or Terminal on macOS/Linux. Make sure you use the router’s IP address and default SSH port (22).

See also: How do I connect to a server using SSH?

Use the following command on your client machine to connect to the router via SSH:

ssh <nom_utilisateur>@<adresse_IP_routeur>

Be sure to replace <nom_utilisateur> with the username you have configured and <adresse_IP_routeur> with the IP address of the Cisco router.

By following these steps, you have now successfully configured SSH on your Cisco router, reinforcing your network security.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.