How to Configure SSH (Secure Shell) For Remote Login on a Cisco Router

Prior to the introduction of SSH in the Cisco IOS, the only remote login protocol was Telnet. Although quite functional, Telnet is a non-secure protocol in which the entire session, including authentication, is in clear text and thus subject to snooping.

SSH is both a protocol and an application that replaces Telnet and provides an encrypted connection for remote administration of a Cisco network device such as a router, switch, or security appliance.

The Cisco IOS includes both an SSH server and an SSH client. This document is concerned only with the configuration of the SSH server component.

Prerequisites

Software

The SSH server component requires that you have an IPSec (DES or 3DES) encryption software image from Cisco IOS Release 12.1(1)T or later installed on your router. Advanced IP services images include the IPSec component. This document was written using c2800nm-advipservicesk9-mz.123-14.T5.bin.

Pre-configuration

You must configure a hostname and a domain name on your router. For example:

router#
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#hostname router01
router01(config)#ip domain-name domain.local

You must also generate an RSA keypair for your router, which automatically enables SSH. In the following example, note how the keypair is named for the combination of hostname and domain name that were previously configured. The modulus represents the key length. Cisco recommends a minimum key length of 1024 bits (even though the default key length is 512 bits):

router01(config)#
router01(config)#crypto key generate rsa
The name for the keys will be: router01.domain.local
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys …[OK]

Finally, you must either use an AAA server such as a RADIUS or TACACS+ server or create a local user database to authenticate remote users, and enable authentication on the terminal lines. For the purpose of this document, we’ll create a local user database on the router. In the following example, the user “donc” is created with a privilege level of 15 (the maximum allowed) and given an encrypted password of “p@ss5678”. (The command “secret” followed by “0” tells the router to encrypt the plaintext password that follows; in the router’s running configuration, the password is not human readable.) We also use line configuration mode to tell the router to use its local user database for authentication (login local) on terminal lines 0-4.
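As an added example, not the article's own listing, here are the steps above and in this paragraph collected into one complete SSH server configuration. The hostname, domain name, user name and password are the article's sample values; the SSHv2 requirement, the ip ssh limits, the exec-timeout and the transport input ssh command are additions beyond what the article lists, and the 2048-bit modulus is a choice within the range shown in the key-generation prompt.

```cisco
! Added example: SSH server configuration assembled from the steps in this
! article (hostname, domain name, RSA keypair, local user, vty login).
! donc / p@ss5678 / domain.local are the article's sample values; the vty
! hardening (transport input ssh, ip ssh version 2, timeouts) is an addition.
!
! 1. Hostname and domain name (the RSA keypair is named <hostname>.<domain>).
hostname router01
ip domain-name domain.local
!
! 2. RSA keypair; generating it automatically enables the SSH server.
!    Entered in global configuration mode; the command itself is not stored
!    in the running configuration, only the resulting key is.
!    2048 is the largest modulus offered by the prompt shown above.
crypto key generate rsa modulus 2048
!
! 3. Local user database: privilege 15 and a secret that is stored hashed,
!    so it is not readable in the running configuration.
!    "secret 0" means the text that follows is plaintext to be hashed.
username donc privilege 15 secret 0 p@ss5678
!
! 4. SSH server settings (additions): require SSHv2 and bound login attempts.
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! 5. Terminal lines 0-4: authenticate against the local database and accept
!    only SSH. Without "transport input ssh" the lines still accept Telnet,
!    so the cleartext protocol the article warns about would remain reachable.
line vty 0 4
 login local
 transport input ssh
 exec-timeout 10 0
!
! Verification (EXEC mode): confirm the server is enabled and its version,
! inspect the generated key, and list active SSH sessions.
! router01# show ip ssh
! router01# show crypto key mypubkey rsa
! router01# show ssh
```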
