What’s SSH?
SSH, Secure Socket Shell was developed to make up for vulnarability of Telnet services.
With encryption key, SSH can provides secured remote connection between network devices.
How to set SSH on Cisco device?
1. Enters Configuration mode
Switch#configure terminal
2. Configuring user and password
Switch(config)# username admin password 123
3. Set the previleage mode password
Switch(config)#enable secret 123
4. Setting hostname of your device (important!)
Switch(config)#hostname <your hostname>
5. Set your own domain name
Switch(config)#ip domain-name <your domain name>
6. Make encryption key for secure connection (in this example, I used RSA)
Switch(config)#crypto key generate rsa
7. Then this texts will show up
You need to configure bit-rate for RSA key
The name for the keys will be: Switch.<your domain name>
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modules [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 4 seconds)
8. In this line, you can configure previlige level to each users. 0 and 15 means administrator
Switch(config)#line vty 0 15
9. Allows input only SSH
Switch(config-line)#transport input ssh
10. This line means you’re gonna log-in with this local account
Switch(config-line)#login local
Additional configuration
Setting SSH version
Switch(config)#ip ssh version 1 ## SSH v1
Switch(config)#ip ssh version 2 ## uses SSH v2 (official Cisco recommended)
Switch(config)#no ip ssh version ## uses both v1 and v2
Configure timeout and retry counts
-
configure timeout (0-120 sec)
Switch(config)#ip ssh time-out <time>
-
retry counts (0-5)
Switch(config)#ip ssh authentication-retries <0-5>
Plausible mistakes or unexpected error
- System time error
- when I was checking SSH connections of every L2 switches in workplace, one of them wasn’t able to access with SSH
- so I accessed that device by console and I re-configuring SSH options
- But when I was about to configure encryption key, It says system date is way too old so when I check the time, It was Dec 27th,1933!
-
so I had to change system date manually
show clock ## checking current system date clock set 00:00:00 Aug 24 2022 ## set system date clock timezone KST 9 ## set timezone
- after this, I could set encryption key without any trouble buuuuuuut still don’t know why it was set like that first time lol