Secure Shell (SSH) is an essential protocol for managing production IT infrastructure devices such as servers, routers and switches. Unlike traditional management protocols such as Telnet, it provides a secure connection from client to server. IT professionals need to understand how to enable SSH on a Cisco switch or any other device (the steps for configuring SSH are almost the same on most Cisco devices). Using SSH, they can manage and maintain infrastructure securely and efficiently.
Cisco networking training and certifications such as CCNA cover the importance of SSH over telnet, so that network administrators know how to implement, operate and manage secure connections in their network environment.
In the field of IT, it pays to keep up to date with the latest technologies and best practices. This is where CCNA live training comes into the picture. It offers an interactive learning experience. Through these courses, candidates can gain hands-on experience configuring network devices, including setting up SSH on a Cisco switch and many other scenarios that are crucial in a production environment.
If you only wish to learn how to configure SSH on a Cisco switch, this blog article is more than enough for you. If you seek to achieve the certification and live CCNA training online, feel free to contact our learning advisors.
In this blog, I will explain how to enable SSH on a Cisco switch with step-by-step configuration instructions, from generating key pairs to configuring VTY lines and applying other security settings. It also covers the verification steps and commands.
Here I have created a very simple topology to illustrate the SSH setup. In this topology there is a central Cisco switch (SW) which is directly connected to Cisco routers R01 and R02.
● Enable SSH on the Cisco switch SW shown in the above topology
● Configure SSH version 2 and use a 1024-bit key modulus to set up SSH on the Cisco switch
● Configure the domain name uninets.com and authenticate SSH clients using the username "cisco" and the password "cisco123"
● Follow tight security standards: do not allow telnet connections on the switch, and make sure the password is secured with type 5 encryption
● Both R01 and R02 should be able to SSH to SW1 for its configuration management
Before moving to the SSH configuration, first configure the IP addresses on the devices and verify basic connectivity. Both ports of SW are in access VLAN 10, and a layer 3 SVI for VLAN 10 is created for its management IP address 10.0.0.10/24.
SW:
On routers R1 and R2, configure only the IP addresses 10.0.0.1/24 and 10.0.0.2/24 respectively, to provide IP reachability to SW.
R01:
R02:
Verify the IP connectivity from SW to both R01 and R02
SSH stands for Secure Shell. It works at the transport layer (layer 4) of the TCP/IP model and uses TCP port number 22. SSH provides secure communication for accessing remote network devices for management purposes.
Two versions exist for communication between the client and the server. Both provide an encrypted connection, which makes communication secure.
To configure SSH on a Cisco switch, we should configure a hostname, a domain name, and a privilege 15 username and password. Additionally, we can filter the remote communication protocol using "transport input" in line configuration mode. Its options include "all", "telnet", "ssh", and "none".
In our case, we need to use "transport input ssh", which allows only SSH connections and refuses telnet. By default, SSH version 1.99 is enabled as soon as we generate the crypto key; this can be changed using the "ip ssh version" global configuration command.
Task #1 Configure hostname
hostname SW
Task #2 Configure domain name
ip domain name uninets.com
Task #3 Configure username and encrypted password
username cisco privilege 15 secret cisco123
Task #4 Generate RSA key pair with a 1024-bit key modulus
crypto key generate rsa
Task #5 Enable local login and disable telnet
line vty 0 4
login local
transport input ssh
SW:
When you generate the RSA key pair, the default key size is 512, so as per the task you have to change it to 1024. You will notice that the default version of SSH installed is 1.99, as shown below.
First, let's verify the public/private key generated by the Cisco switch SW to provide a secure remote connection to its clients. After that, we can test whether the clients can make a telnet connection, an SSH connection, or both.
Now also check the SSH version and the size of the key modulus.
Let's try to telnet to SW from R1. Since telnet is not allowed on the switch, the connection will be refused.
Now try to SSH to SW from R01 and R02. The login will succeed using the username cisco.
You can also verify the SSH users logged in to the switch using the command "show users".
This concludes how to enable SSH on a Cisco switch. The above configuration is specific to Cisco switches; however, you can also enable SSH on Cisco routers using exactly the same commands.
He is a senior solution network architect and currently working with one of the largest financial company. He has an impressive academic and training background. He has completed his B.Tech and MBA, which makes him both technically and managerial proficient. He has also completed more than 450 online and offline training courses, both in India and ...