USD ($)
$
United States Dollar
India Rupee

Enable SSH on Cisco Switch: Configure and Setup

Created by Deepak Sharma in Articles 8 Jun 2024
Share


Secure Shell (SSH) is an essential protocol for managing IT infrastructure production devices such as servers, routers, switches etc. It provides secure connection from client to server unlike traditional management protocols like Telnet. For IT professionals, it is important to understand how to enable SSH on Cisco switch or any other device for that matter (Steps for configuring SSH is almost same on most of the Cisco devices). Using SSH, they manage and maintain infrastructure securely and efficiently.

Cisco networking training and certifications such as CCNA covers the importance of SSH over telnet to ensure network administrators are well aware to implement, operate and manage secure connection in their network environment. 

In the field of IT, keep yourself most updated with the latest technologies and best practices. This is where CCNA live training comes into picture. It offers an interactive learning experience. Through these courses, candidates can gain hands-on experience on configuring network devices including setup ssh on cisco switch and many more scenarios crucial in production environment.

In case you only wish to learn to configure SSH on Cisco switch then this blog article is more than enough for you. If you seeks to achieve the certification and live CCNA training online then feel free to contact our learning advisors. 




In this blog, I will explain on how to enable ssh on cisco switch with step by step configuration instructions, from generating key pairs to configuring VTY lines and applying other security setting. Then it will also cover steps for verifications and commands.

Here I have created a very simple topology to understand the ssh set up, in this topology there is a central Cisco Switch (SW) which is directly connected to Cisco routers R01 and R02.


Setup SSH on Cisco Switch - Topology


Configure SSH on Cisco Switch - Tasks

● Enable SSH on Cisco Switch SW given in the above topology

● Configure SSH version 2 and use 1024 bit key module for setup SSH on Cisco Switch 

● Configure the domain name uninets.com and authenticate SSH clients using username "cisco" and the password "cisco123"

● Follow tight security standards and do not allow telnet connection on the switch and make sure password should be secure with type 5 encryption

● Both R01 and R02 should be able to SSH SW1 for its configuration management


Before moving to the SSH configuration, first configure the IP addresses and other devices and verify the basic connectivity. Both ports of the SW are in access VLAN 10, A layer 3 SVI VLAN 10 is created for its management IP address 10.0.0.10/24


SW:

!

hostname SW

!

vlan 10

 name SSH_VLAN

!

interface range Ethernet0/1-2

 switchport access vlan  10

 switchport mode access

 switchport host

 no shutdown

!

interface vlan 10

 ip address 10.0.0.10 255.255.255.0

!

On both routers R1 and R2, configure only IP address 10.0.0.1/24 and 10.0.0.2/24 for providing IP reachability to SW


R01:

!

interface Eth0/2

 ip address 10.0.0.1 255.255.255.0

 no shutdown

!


R02:

!

interface Eth0/1

 ip address 10.0.0.2 255.255.255.0

 no shutdown

!

Verify the IP connectivity from SW to both R01 and R02


SSH full form is Secure Shell, it works at transport layer 4 of the TCP/IP model and uses TCP port number 22. SSH provides secure communication to access remote network devices for management purposes.

There are two version existed for the communication between the client and server. Both provides encrypted connection which makes communication secure.


Advance your Career With Cloud Computing CoursesContact Us Today! Get the Bundle Offers.Explore course



To configure SSH on Cisco switch, we should configure hostname, domain name, and privilege 15 username and password. Additionally, we can filter the remote communication protocol using "transport input" line configuration mode. It has components such as "all", "telnet", "ssh", and "none".

In our case, we need to use "transport input ssh," which allows only the SSH connection refusing the telnet communication. By default, SSH version 1.99 is enabled as soon as we generate the crypto key, which can be changed using the ip ssh version global configuration command.


Enable SSH on Cisco Switch - Configuration

Task #1 Configure hostname

hostname SW

Task #2 Configure domain name

ip domain name uninets.com

Task #2 Configure username and encrypted password

username cisco privilege 15 secret cisco123

Task #3 Generate RSA key pair of 1024 bit key module

crypto key generate rsa

Task #4 Enable local login and disable telnet

line vty 0 4 

 login local

 transport telnet ssh


SW:

!

ip domain name uninets.com

!

username cisco privilege 15 secret cisco123

!

crypto key generate rsa

!

line vty 0 4 

 login local

 transport telnet ssh

!

When you generate RSA key pair, by default the key size is 512 so as per task you have to change it to 1024 and you notice that the default version of SSH installed is 1.99 as shown below


Enable SSH in Cisco Switch - Configuration Verification

Initially, let's verify the public/private key generated by the cisco switch SW to provide secure remote connection to its clients. After that, we can test whether the clients can make the telnet or SSH connection or both.


Now also check the SSH version and the size of the key module

Let's try to telnet SW from R1, since on switch telnet is not allowed, the connections will refuse.


Now try to SSH to SW from R01 and R02, it will be successful login using username cisco.


You can also verify the ssh users login on the switch using command "show users"

This concludes how to enable ssh on cisco switch, the above configuration is strictly on Cisco switches however you can also enable ssh on cisco routers using exact same commands. 


Deepak Sharma

He is a senior solution network architect and currently working with one of the largest financial company. He has an impressive academic and training background. He has completed his B.Tech and MBA, which makes him both technically and managerial proficient. He has also completed more than 450 online and offline training courses, both in India and ...

More... | Author`s Bog | Book a Meeting

Related Articles

#Explore latest news and articles

Router on a Stick Configuration Scenario 5 May 2024

Router on a Stick Configuration Scenario

Understand router on a stick configuration and concept based on a scenario of Cisco router & switch CCNA Lab at UniNets.
Mac Address Flooding: Learning & Aging 7 May 2024

Mac Address Flooding: Learning & Aging

Learn MAC address flooding and aging process in switches. Understand how switching concepts impact network security & performance. Read More!
Understand IP Addressing and Subnetting 27 May 2024

Understand IP Addressing and Subnetting

Understand IP Addressing and Subnetting through configuration on a practical scenario using CCNA Virtual Lab at UniNets.

FAQ

Before enabling SSH on a Cisco switch, you need to have a device with an IOS version that supports SSH, a hostname and domain name configured on the switch, and a local user account created. Additionally, you need to generate RSA keys for encryption.
To generate RSA keys, enter the global configuration mode on the switch and use the command crypto key generate rsa. Specify the key size (usually 1024 or 2048 bits). This creates the necessary cryptographic keys for SSH.
To configure the VTY lines, enter global configuration mode and use the commands: ! line vty 0 15 transport input ssh login local ! This limits access to SSH and requires local login authentication.
To verify SSH configuration, use the show ip ssh command to display SSH settings and status. Additionally, you can attempt to connect to the switch via SSH from a client device to ensure it accepts connections.

Comments (0)

Deepak Sharma

Deepak Sharma

Senior Instructor (Part Time) at UniNets Instructor role
★★★★★ 4.95
Faithful User
Expert Vendor
Golden Classes
King Seller
Fantastic Support
Loyal Writer

Upcoming batches

+91 84484 40748

Enquire Now

Share to your friends

Share

Share this post with others

Contact learning advisor

New Cisco ACI Training Live Batch Starts June 15th!
New Cisco ACI Training Live Batch Starts June 15th!
Advance your career? Don't miss out on our Cisco Application Centric Infrastructure (ACI) training ...
Enroll Now