How to Enable SSH as the transport for Cisco IOS devices

Note this is an old post I moved from an old blog.  It seemed a shame to let the post die as some people may find it useful on older IOS devices.

Introduction

If you administer networks or unix based servers it most likely won’t have escaped your attention that the commonly used remote admin protocol “Telnet” is not a secure protocol. It transmits your traffic, such as commands and horror of horrors, passwords in plain text and because of this could be captured or sniffed. This is especially bad news as passwords can be captured. Cisco IOS device support telnet and in years gone by it was the default method for remote administration of these devices. Nowadays you can enable SSH or “secure shell”. This encrypts all of your traffic so you are much less likely to be sniffed! This guide will help you through that process.

Warning – Test it first

Obviously if you get this wrong you could shut yourself out of the your ios device which could be a problem if you can’t get access to it physically to resolve any problems

Set it up

First things first, check if your ios supports “Crypto” which is required for SSH. Type
Show ver
if somewhere in the returned output it says “This product contains cryptographic features” you will be in luck. Next let’s see if you have an rsa private and public key for use with SSH Enter the command

show crypto key mypubkey rsa

if no key is shown then create one. We need it to be 768 bits in length for it to work with SSH version 2

crypto key generate rsa modulus 1024

If all goes well ios will report back that a key was generated. We now have a certificate so we need to tell IOS that we wish to use SSH as the transport for admin connections. This is controlled by the VTY lines. enter:

line vty 0 15

Then type

transport input telnet ssh

That’s it you should now have SSH available for your connection

Comments are closed.