In this article, we will see how to configure SSH on a Cisco router! You will need SSH to secure the remote connection to your network devices.
What is SSH?
SSH for Secure Shell is a computer network protocol that allows you to connect to a remote computer or equipment and execute commands on it securely.
It uses public and private keys to authenticate users and encrypts data transmitted between computers. This prevents third parties from intercepting or reading the data.
Why use SSH?
You have to use SSH to have a secure communication between two devices. SSH is often used to connect to servers and routers to securely manage and configure these devices.
SSH is therefore an open protocol and there are several different implementations, such as OpenSSH and PuTTY. These implementations can thus be used on many different operating systems, such as Linux, macOS and Windows.
How to configure SSH on a Cisco router?
To configure SSH on your Cisco router or switch, you need to take the following steps:
1- Define a hostname for the router using the command hostname :
2- Add a domain name server (DNS) with the command ip domain-name
ip domain-name nom_de_domaine
3 – Generate RSA keys for the router using the crypto key generate rsa command:
crypto key generate rsa
4 -Create a user to access the router using the username command:
username <nom_utilisateur> password <mot_de_passe>
5 – Configure the router access interface to accept SSH connections using the ip ssh command:
ip ssh version 2
Then check the configuration using the show ssh command to display the SSH configuration information of the router.
Example of SSH configuration on a Cisco router
Here is an example of SSH configuration on a Cisco router with Packet Tracer:
Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname R1 R1(config)#enable secret cisco R1(config)#ip domain-name dir-tech.com R1(config)#crypto key generate rsa How many bits in the modulus : 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] *Mar 1 1:7:16.264: %SSH-5-ENABLED: SSH 2 has been enabled R1(config)#username dirtech password dirtech123 R1(config)#ip ssh version 2 R1(config)#line vty 0 4 R1(config-line)#login local R1(config-line)#transport input ssh R1(config-line)#exit R1(config)#exit R1# %SYS-5-CONFIG_I: Configured from console by console
Check the configurations:
R1#show ssh %No SSHv2 server connections running. %No SSHv1 server connections running. R1#
To connect remotely via a computer, here is the command:
C:\>ssh -l dirtech 192.168.10.1 Password: R1>enable R1#
It should be noted that this basic configuration does not take into account certain security or redundancy parameters.
For a more advanced configuration, you will need to add other commands and parameters depending on your needs.