SSH version 1 (SSHv1) is supported in Cisco IOS Release 12.1(1)T and later, while SSH
version 2 (SSHv2) is supported in Cisco IOS Release 12.3(4)T and later.
Before you can con?¬?gure your routers for SSH, be sure of the following:
??? Target routers are running IOS 12(1)T image or later with the IPSec feature set
??? Target routers are con?¬?gured for local authentication
??? The AAA server is con?¬?gured for username and password authentication
??? Target routers all have unique hostnames
??? Target routers are all using the correct domain name of your network
Router(config)#ip domain-name yourdomain.com Assigns a domain name to
the router
Router(config)#crypto key generate rsa
general-keys modulus 1024
Generates an RSA key that
will be used for SSH. A
minimum key length of
modulus 1024 is
recommended.
Router(config)#ip ssh time-out 100 Con?¬?gures the time that
the router will wait for the
SSH client to respond.
Time is measured in
seconds and can be a
number from 1??“120.
Router(config)#ip ssh authentication-retries 3 Con?¬?gures the number
of retires allowed. The
number can range from
0??“5.
Router(config)#line vty 0 4 Moves to line
con?¬?guration mode
Router(config-line)#no transport input telnet Disables Telnet on all ?¬?ve
vty lines
NOTE: If you are going
to use SSH, be sure to
disable Telnet on all
router vty lines.
Pages:
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114