USD ($)
$
United States Dollar
India Rupee

Enable SSH on Cisco Switch: Configure and Setup

Created by Deepak Sharma in Articles 13 Nov 2024
Share
«Cisco Switch Configure DHCP Scenario

Secure Shell (SSH) is an essential protocol for managing IT infrastructure production devices such as servers, routers, switches, etc. It provides a secure connection from client to server, unlike traditional management protocols like Telnet.

For IT professionals, it is important to understand how to enable SSH on a Cisco switch or any other device for that matter (Steps for configuring SSH are almost the same on most of the Cisco devices). Using SSH, they manage and maintain infrastructure securely and efficiently.

Cisco networking training and certifications such as CCNA cover the importance of SSH over telnet to ensure network administrators are well aware to implement, operate, and manage secure connections in their network environment. 

In the field of IT, keep yourself updated with the latest technologies and best practices. This is where CCNA live training comes into the picture. It offers an interactive learning experience. Through these courses, candidates can gain hands-on experience in configuring network devices including setting up SSH on Cisco switch and many more scenarios crucial in a production environment.

In case you only wish to learn to configure SSH on a Cisco switch then this blog article is more than enough for you. If you seek to achieve the certification and live CCNA training online then feel free to contact our learning advisors. 



banner image

In this blog, I will explain how to enable SSH on a Cisco switch with step-by-step configuration instructions, from generating key pairs to configuring VTY lines and applying another security setting. Then it will also cover steps for verifications and commands.

Here I have created a very simple topology to understand the SSH setup, in this topology there is a central Cisco Switch (SW) which is directly connected to Cisco routers R01 and R02.

Setup SSH on Cisco Switch - Topology

banner image

Configure SSH on Cisco Switch - Tasks

● Enable SSH on Cisco Switch SW given in the above topology

● Configure SSH version 2 and use 1024 bit key module to setup SSH on Cisco Switch 

● Configure the domain name uninets.com and authenticate SSH clients using the username "cisco" and the password "cisco123"

● Follow tight security standards and do not allow telnet connection on the switch and make sure the password is secure with type 5 encryption

● Both R01 and R02 should be able to SSH SW1 for its configuration management


Before moving to the SSH configuration, first configure the IP addresses and other devices and verify the basic connectivity. Both ports of the SW are in access VLAN 10, A layer 3 SVI VLAN 10 is created for its management IP address 10.0.0.10/24

SW:

!

hostname SW

!

vlan 10

 name SSH_VLAN

!

interface range Ethernet0/1-2

 switchport access vlan  10

 switchport mode access

 switchport host

 no shutdown

!

interface vlan 10

 ip address 10.0.0.10 255.255.255.0

!

On both routers R1 and R2, configure only IP address 10.0.0.1/24 and 10.0.0.2/24 for providing IP reachability to SW

R01:

!

interface Eth0/2

 ip address 10.0.0.1 255.255.255.0

 no shutdown

!

R02:

!

interface Eth0/1

 ip address 10.0.0.2 255.255.255.0

 no shutdown

!

Verify the IP connectivity from SW to both R01 and R02

banner image

SSH full form is Secure Shell, it works at transport layer 4 of the TCP/IP model and uses TCP port number 22. SSH provides secure communication to access remote network devices for management purposes.

Two versions exist for the communication between the client and server. Both provide encrypted connections which makes communication secure.


Advance your Career With Cloud Computing CoursesContact Us Today! Get the Bundle Offers.Explore course
banner image

To configure SSH on the Cisco switch, we should configure the hostname, domain name, and privilege 15 username and password. Additionally, we can filter the remote communication protocol using the "transport input" line configuration mode. It has components such as "all", "telnet", "ssh", and "none".

In our case, we need to use "transport input ssh," which allows only the SSH connection to refuse the telnet communication. By default, SSH version 1.99 is enabled as soon as we generate the crypto key, which can be changed using the ip ssh version global configuration command.

Enable SSH on Cisco Switch - Configuration

Task #1 Configure hostname

hostname SW

Task #2 Configure domain name

ip domain name uninets.com

Task #2 Configure username and encrypted password

username cisco privilege 15 secret cisco123

Task #3 Generate RSA key pair of 1024 bit key module

crypto key generate rsa

Task #4 Enable local login and disable telnet

line vty 0 4 

 login local

transport telnet ssh

SW:

!

ip domain name uninets.com

!

username cisco privilege 15 secret cisco123

!

crypto key generate rsa

!

line vty 0 4 

 login local

 transport telnet ssh

!

When you generate an RSA key pair, by default the key size is 512 so as per the task you have to change it to 1024 and you notice that the default version of SSH installed is 1.99 as shown below

banner image

Enable SSH in Cisco Switch - Configuration Verification

Initially, let's verify the public/private key generated by the Cisco switch SW to provide a secure remote connection to its clients. After that, we can test whether the clients can make the telnet or SSH connection or both.

banner image

Now also check the SSH version and the size of the key module

banner image

Let's try to telnet SW from R1 since on switch telnet is not allowed, the connections will refuse.

banner image

Now try to SSH to SW from R01 and R02, it will be a successful login using username Cisco.

banner image

banner image

You can also verify the ssh users login on the switch using the command "show users"

banner image

This concludes how to enable SSH on Cisco switches, the above configuration is strictly on Cisco switches however you can also enable SSH on Cisco routers using the same commands. 

What are Private VLANs: Configuration on ...»
Deepak Sharma

He is a senior solution network architect and currently working with one of the largest financial company. He has an impressive academic and training background. He has completed his B.Tech and MBA, which makes him both technically and managerial proficient. He has also completed more than 450 online and offline training courses, both in India and ...

More... | Author`s Bog | Book a Meeting

Related Articles

#Explore latest news and articles

Understanding Cisco Rapid PVST+ with Configuration and Topology 30 Aug 2024

Understanding Cisco Rapid PVST+ with Configuration and Topology

Understand what is spanning tree particularly rapid pvst+ with its configuration on Cisco switches topology scenario.

FAQ

Before enabling SSH on a Cisco switch, you need to have a device with an IOS version that supports SSH, a hostname and domain name configured on the switch, and a local user account created. Additionally, you need to generate RSA keys for encryption.
To generate RSA keys, enter the global configuration mode on the switch and use the command crypto key generate rsa. Specify the key size (usually 1024 or 2048 bits). This creates the necessary cryptographic keys for SSH.
To configure the VTY lines, enter global configuration mode and use the commands: ! line vty 0 15 transport input ssh login local ! This limits access to SSH and requires local login authentication.
To verify SSH configuration, use the show ip ssh command to display SSH settings and status. Additionally, you can attempt to connect to the switch via SSH from a client device to ensure it accepts connections.

Comments (0)

Share

Share this post with others

Contact learning advisor

Captcha image
Join Cisco ACI Live Training – Starting 7th December! Enroll Now to Master ACI.
Join Cisco ACI Live Training – Starting 7th December! Enroll Now to Master ACI.
Expert-Led Cisco ACI Training with Lab Access.
Day
Hr
Min
Sec
Register Now