Enable SSH on Cisco Switch: Configure and Setup

Secure Shell (SSH) is an essential protocol for managing IT infrastructure production devices such as servers, routers, switches etc. It provides secure connection from client to server unlike traditional management protocols like Telnet. For IT professionals, it is important to understand how to enable SSH on Cisco switch or any other device for that matter (Steps for configuring SSH is almost same on most of the Cisco devices). Using SSH, they manage and maintain infrastructure securely and efficiently.

Cisco networking training and certifications such as CCNA covers the importance of SSH over telnet to ensure network administrators are well aware to implement, operate and manage secure connection in their network environment. 

In the field of IT, keep yourself most updated with the latest technologies and best practices. This is where CCNA live training comes into picture. It offers an interactive learning experience. Through these courses, candidates can gain hands-on experience on configuring network devices including setup ssh on cisco switch and many more scenarios crucial in production environment.

In case you only wish to learn to configure SSH on Cisco switch then this blog article is more than enough for you. If you seeks to achieve the certification and live CCNA training online then feel free to contact our learning advisors. 

Contact learner advisor

In this blog, I will explain on how to enable ssh on cisco switch with step by step configuration instructions, from generating key pairs to configuring VTY lines and applying other security setting. Then it will also cover steps for verifications and commands.

Here I have created a very simple topology to understand the ssh set up, in this topology there is a central Cisco Switch (SW) which is directly connected to Cisco routers R01 and R02.

Setup SSH on Cisco Switch - Topology

Configure SSH on Cisco Switch - Tasks

● Enable SSH on Cisco Switch SW given in the above topology

● Configure SSH version 2 and use 1024 bit key module for setup SSH on Cisco Switch 

● Configure the domain name uninets.com and authenticate SSH clients using username "cisco" and the password "cisco123"

● Follow tight security standards and do not allow telnet connection on the switch and make sure password should be secure with type 5 encryption

● Both R01 and R02 should be able to SSH SW1 for its configuration management

Before moving to the SSH configuration, first configure the IP addresses and other devices and verify the basic connectivity. Both ports of the SW are in access VLAN 10, A layer 3 SVI VLAN 10 is created for its management IP address 10.0.0.10/24

SW:

On both routers R1 and R2, configure only IP address 10.0.0.1/24 and 10.0.0.2/24 for providing IP reachability to SW

R01:

R02:

Verify the IP connectivity from SW to both R01 and R02

SSH full form is Secure Shell, it works at transport layer 4 of the TCP/IP model and uses TCP port number 22. SSH provides secure communication to access remote network devices for management purposes.

There are two version existed for the communication between the client and server. Both provides encrypted connection which makes communication secure.

Advance your Career With Cloud Computing CoursesContact Us Today! Get the Bundle Offers.Explore course

To configure SSH on Cisco switch, we should configure hostname, domain name, and privilege 15 username and password. Additionally, we can filter the remote communication protocol using "transport input" line configuration mode. It has components such as "all", "telnet", "ssh", and "none".

In our case, we need to use "transport input ssh," which allows only the SSH connection refusing the telnet communication. By default, SSH version 1.99 is enabled as soon as we generate the crypto key, which can be changed using the ip ssh version global configuration command.

Enable SSH on Cisco Switch - Configuration

Task #1 Configure hostname

hostname SW

Task #2 Configure domain name

ip domain name uninets.com

Task #2 Configure username and encrypted password

username cisco privilege 15 secret cisco123

Task #3 Generate RSA key pair of 1024 bit key module

crypto key generate rsa

Task #4 Enable local login and disable telnet

line vty 0 4 

 login local

 transport telnet ssh

SW:

When you generate RSA key pair, by default the key size is 512 so as per task you have to change it to 1024 and you notice that the default version of SSH installed is 1.99 as shown below

Enable SSH in Cisco Switch - Configuration Verification

Initially, let's verify the public/private key generated by the cisco switch SW to provide secure remote connection to its clients. After that, we can test whether the clients can make the telnet or SSH connection or both.

Now also check the SSH version and the size of the key module

Let's try to telnet SW from R1, since on switch telnet is not allowed, the connections will refuse.

Now try to SSH to SW from R01 and R02, it will be successful login using username cisco.

You can also verify the ssh users login on the switch using command "show users"

This concludes how to enable ssh on cisco switch, the above configuration is strictly on Cisco switches however you can also enable ssh on cisco routers using exact same commands.