Home
 
 
General
 
Cisco basics
 
Switching
 
Network management
 
HSRP
 
SSH
Configuring SSH
Disable SSH v1
SSH without domain name configured
 
IPsec
 
Routing protocols
 
Address translation
 
Unified communication
 
Quality of service
 
Wireless
 
CCIE
 
Cisco NX-OS / Nexus
 
ASA / PIX Security Appliances
 

How to configure Secure Shell (SSH) on Cisco

Instead of using telnet (un-encrypted) a router can be connected via Secure Shell (SSH) which is more secure.

To enable SSH on a router an IOS with des or 3des encryption is required.

Follow the next steps to enable SSH:
• Configure the hostname command.
• Configure the DNS domain.
• Generate the SSH key to be used.
• Enable SSH transport support for the virtual type terminal (vty)

The hostname and DNS domain are necessary to generate a SSH key.

Example SSH configuration:

hostname ssh-router
aaa new-model
username cisco password cisco
ip domain-name routers.local

! Generate an SSH key
cry key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2

!--- disable Telnet and enable SSH
line vty 0 4
transport input SSH


Commands to verify SSH configuration:
• show ssh
• show ip ssh
• debug ip ssh

Vulnerability Announcements
Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series

Default Credentials Vulnerability in Cisco Network Registrar

Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities

Cisco Content Services Gateway Denial of Service Vulnerability

Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities

Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability

Field Notices
(Cisco CRS Series Routers) Field Notice: FN - 63126 - CRS: 1OC768-ITU/C cards may experience High Bit Error Rate (BER) or loss of Transmit power incidents in certain batch of optical module - Workaround Fix on Failure

(Cisco CRS Series Routers) Field Notice: FN - 63046 - CRS - 1OC768-POS-SR cards May Experience Bit Error Rate (BER) Incidents Due to Onboard Short - Fix on Failure

(Cisco MGX 8800 Series Switches) Field Notice: FN - 63319 - MGX - VXSM-SW May Report Error Code 400 for CAS Signaling Call - Workaround Available

(Cisco 7800 Series Media Convergence Servers) Field Notice: FN - 63324 - A Limited Number of HP DL380-G6 Servers Shipped Prior to November 16, 2009 May Unexpectedly Reboot

(Cisco 800 Series Routers) Field Notice: FN - 63343 - PCEX-3G-HSPA-R6 Modem not Recognized in Cisco IOS 15.1(1)T of Cisco 880G Series Router - Cisco IOS Upgrade Required

(Cisco MDS 9500 Series Multilayer Directors) Field Notice: FN - 63132 - MDS9000 - Potential DIMM Memory Issue in a Small Number of DS-X9530-SF2-K9 Supervisor Cards Manufactured Between September 2007 and February 2008