How to configure SSH version 2 on Cisco (disable SSH version 1)

To enable Secure Shell version 2 (SSHv2) and disable version 1 on a Cisco router, an IOS image with 3DES encryption support is required.

When no SSH version is configured, both version 1 and version 2 are supported.

Follow these steps to enable SSH:
• Configure a hostname with the hostname command.
• Configure the DNS domain.
• Generate the RSA key pair to be used.
• Enable SSH transport support for the virtual type terminal (vty).

Example SSH version 2 configuration:

hostname ssh-router
aaa new-model
username cisco password cisco
ip domain-name routers.local

! Specifies which RSA keypair to use for SSH usage.
ip ssh rsa keypair-name sshkeys

! Enables the SSH server for local and remote authentication on the router.
! For SSH Version 2, the modulus size must be at least 768 bits.
! 768 bits is only the minimum; a larger modulus (2048 bits or more) gives a stronger key.
crypto key generate rsa usage-keys label sshkeys modulus 768


! Configures SSH control variables on your router.
ip ssh timeout 120

! Configure SSH version 2 (this disables SSH version 1).
ip ssh version 2


! Disable Telnet and enable SSH on the vty lines.
line vty 0 4
transport input ssh


Commands to verify SSH configuration:
• show ssh
• show ip ssh
• debug ip ssh
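
The show commands above verify a live device. As an added example (not part of the original page), the Python function below checks a saved configuration offline for the settings this page configures. The name audit_ssh_config and both sample configurations are constructed for illustration, and a vty block with no explicit transport input is reported as a finding because the page's configuration sets it explicitly.

```python
import re

def audit_ssh_config(config_text):
    """Return findings for the SSH settings this page configures."""
    cmds = [ln.strip().lower() for ln in config_text.splitlines()]
    findings = []
    if not any(c.startswith("hostname ") for c in cmds):
        findings.append("hostname not set")
    if not any(re.match(r"ip domain[- ]name \S", c) for c in cmds):
        findings.append("DNS domain not set")
    if "ip ssh version 2" not in cmds:
        findings.append("ip ssh version 2 missing (SSH version 1 still accepted)")
    # Collect 'transport input' per vty block. A block runs from its
    # 'line vty' header to the next 'line ...' header or '!' separator.
    vty, current = {}, None
    for c in cmds:
        if c.startswith(("line ", "!")):
            current = c if c.startswith("line vty") else None
            if current:
                vty[current] = None
        elif current and c.startswith("transport input "):
            vty[current] = c.split()[2:]
    for header, protos in vty.items():
        if protos is None:
            findings.append(f"{header}: no explicit transport input")
        elif protos != ["ssh"]:
            findings.append(f"{header}: transport input allows {' '.join(protos)}")
    return findings

# Constructed sample configs (not captured from a real device).
HARDENED = """hostname ssh-router
ip domain-name routers.local
ip ssh version 2
!
line vty 0 4
 transport input ssh
"""
WEAK = """hostname ssh-router
ip domain-name routers.local
!
line vty 0 4
 transport input telnet ssh
line vty 5 15
 login
"""

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit_ssh_config(cfg) or "OK")
```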

