Minsoo Ju

Minsoo Ju

IT Infrastructure Manager

© 2023

SSH
Aug 24, 2022
  • Networks


What’s SSH?


SSH, Secure Socket Shell was developed to make up for vulnarability of Telnet services.
With encryption key, SSH can provides secured remote connection between network devices.

How to set SSH on Cisco device?


1. Enters Configuration mode

Switch#configure terminal

2. Configuring user and password

Switch(config)# username admin password 123

3. Set the previleage mode password

Switch(config)#enable secret 123

4. Setting hostname of your device (important!)

Switch(config)#hostname <your hostname>

5. Set your own domain name

Switch(config)#ip domain-name <your domain name>

6. Make encryption key for secure connection (in this example, I used RSA)

Switch(config)#crypto key generate rsa

7. Then this texts will show up
You need to configure bit-rate for RSA key

The name for the keys will be: Switch.<your domain name>
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modules [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 4 seconds)

8. In this line, you can configure previlige level to each users. 0 and 15 means administrator

Switch(config)#line vty 0 15

9. Allows input only SSH

Switch(config-line)#transport input ssh

10. This line means you’re gonna log-in with this local account

Switch(config-line)#login local

Additional configuration

Setting SSH version

Switch(config)#ip ssh version 1 ## SSH v1

Switch(config)#ip ssh version 2 ## uses SSH v2 (official Cisco recommended)

Switch(config)#no ip ssh version ## uses both v1 and v2

Configure timeout and retry counts

  • configure timeout (0-120 sec)

    Switch(config)#ip ssh time-out <time>

  • retry counts (0-5)

    Switch(config)#ip ssh authentication-retries <0-5>


Plausible mistakes or unexpected error

  • System time error
    • when I was checking SSH connections of every L2 switches in workplace, one of them wasn’t able to access with SSH
    • so I accessed that device by console and I re-configuring SSH options
    • But when I was about to configure encryption key, It says system date is way too old so when I check the time, It was Dec 27th,1933!

    • so I had to change system date manually

      show clock ## checking current system date
    
clock set 00:00:00 Aug 24 2022 ## set system date
    
clock timezone KST 9 ## set timezone
    • after this, I could set encryption key without any trouble buuuuuuut still don’t know why it was set like that first time lol