How to configure SSH on Cisco

In this article I will write how to configure SSH on Cisco.

Connect to the device via telnet or console cable and switch to the privileged mode:


Set the date and time (necessary for key generation):

show clock
clock set 12:36:10 3 Apr 2019

Go to configuration mode:

configure t

Specify the domain and device name (required for key generation):

ip domain name test
hostname Test

You can also configure NTP to synchronize time:

ntp clock-period 36029117
ntp max-associations 1
ntp server version 2 source Vlan207

We generate a key for SSH (after entering the command, we specify the key length, for example 1024):

crypto key generate rsa

Enable storage of passwords in the configuration in an encrypted form:

service password-encryption

Create a list of addresses that will later allow the connection to the device:

access-list 11 permit
access-list 11 permit

Let us allow connection only via SSH, let us indicate that you need to terminate the session after 5 minutes of inactivity and that only the addresses specified in the access-list 11 can be connected:

ip ssh version 2
line vty 0 15
transport input ssh
exec-timeout 5 0
access-class 11 in

Create an admin user:

username admin privilege 15 secret PASSWORD

Specify the password for the privileged mode:

enable secret PASSWORD

Activate the AAA protocol:

aaa new-model

Now you can try to connect to the device via SSH, if everything is ok, exit configuration mode, check configuration and save it:

show running-config
copy run start

See also my articles:
Configuring Cisco devices

Leave a comment

Leave a Reply