How to

Configure Secure Shell (SSH)

It’s a well known fact that Telnet connections are insecure because the packets are not encrypted. For this reason Secure Shell (SSH) is a must for today’s networks.
SSH provides a secure channel over an unsecured network in a client–server architecture, connecting an SSH client application with an SSH server. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2. The standard TCP port for SSH is 22

In this <How to> lesson we will see how to configure basic SSH between a PC and a Switch.

1.Configure S1

    Step 1 : Configure IP Domain

    S1(config)# ip domain-name

    Step 2 : Generate RSA keys pairs

    S1(config)# crypto key generate rsa

    Note : To delete the RSA key pair, use the crypto key zeroize rsa global configuration mode command. After the RSA key pair is deleted, the SSH server is automatically disabled.

    Step 3 : Configure User Authentication

    S1(config)# user Administrator secret wiznet

    Step 4: Configure the VTY line

    S1(config)# line vty 0 15 (we can choose which vty line we want to use. For example line vty 0 4)

    S1(config-line)# transport input ssh 

    S1(config-line)# login local (In this example we use the local database but in more advance configurations we can have a AAA Server)

    Step 5 : Enable the SSH version 2

    S1(config): ip ssh version 2 (For better security)

    2.Establish connection between PC and S1

    To establish connection we can use PUTTY or another similar software. In our example we will use command promt.

    In the command promt enter the command ssh -l Administrator (ssh -l(L not 1) username ip-address of switch) and next type the password (wiznet). Now you are logged in S1 using SSH.