#Cisco switch enable ssh how to#
To see how to enable Telnet and configure password on IOS device you can see my other post or video.This article is going to shows the CCNA students to configure and enable telnet and ssh on Cisco router and switches. MEL-Core1(config-line)#transport input ssh This command allows only SSH connections to your IOS device and will refuse TELNET and other connects on VTY lines. Login local – This command instruct IOS that whenever someone connects via VTY lines, authenticate the user using local database (running-config).Īnother things you might want to do is, just enable connections via SSH, disable TELNET and other connection. The physical terminal line is your console port, so remote connects are logical connections. Terminal lines (vty) are logical ports or interface via which a user connects to the device. Next step is to configure the terminal lines to allow SSH connections and configure authentication method. Configure Virtual Terminal Line to allow SSH (vty)
Note: priv 15 – means create this as an Admin user – maximum rights. MEL-Core1(config)# username sakun priv 15 secret sharma1 When we create a user account in IOS, there are two ways to specify the password – using normal passwords, using secret passwords (MD5 hash), best practice use secret instead of normal passwords. When we create any user account in IOS using command line, IOS stores that user information in running-configuration file (local database). We can authenticate using AAA (Authentication, Authorization, Accounting) server (Cisco ACS, Cisco ISE, etc) users as well directly without creating any local user, but best practice is to create a local admin user too. By default there is no username and passwords on many IOS devices, so next step is to create a user account in your IOS. It uses user based authentication (username and password). When we use SSH, IOS device authenticate the user before allowing access to CLI of IOS. Configure Virtual Terminal Line to allow SSH (vty).Now in order to allow login via SSH into CLI of IOS we need to configure few more things. We have fulfilled SSH prerequisites for IOS which enable us to SSH into your device. MEL-Core1(config)#ip ssh ver 2 Enable IOS to Support SSH Connection We need to enable SSH on IOS and set which version of SSH you want to use. MEL-Core1(config)#crypto key generate rsa Remember if you want to use SSH ver 2, the key size should be minimum of 768 bits, if you key length is smaller than 768bits you cannot use SSH ver 2. In this part we will create an key with RSA algorithm to encrypt the SSH packets. MEL-Core1(config)#ip domain-name sakunsharma.in Create crypto key (for encyption) IOS doesn’t validate where that domain is reachable or not, so you can configure any domain name, but recommended is use you organization domain name.įor example – Hostname – MEL-Core1 and Domain Name is – sakunsharma.in – Crypto key will generate an key with device name as – Crypto key generates a certificate for you device with name as –.
To generate an encryption certificate (crypto key) we need to configure a domain-name for this device. Router(config)# hostname MEL-Core1 Configure Domain Name We need to change device hostname from default hostname (Router / Switch) to any other non-default hostname.