Configure ssh access to IOS router

Posted on November 13, 2010


Routers are generally managed with telnet. From a security point of view, telnet is not the best access method: it is clear text, and almost all end hosts have a telnet client.
In such cases, secure access with ssh or ssl should be used instead.
A Cisco IOS router can be accessed with ssh as well; the following config is required for that.

IOSFirewall# configure terminal
IOSFirewall(config)# enable password YourPassword
IOSFirewall(config)# hostname IOSFirewall
IOSFirewall(config)# ip domain-name YourDomainName
IOSFirewall(config)# crypto key generate rsa
The name for the keys will be: IOSFirewall.YourDomainName
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [512]: 768
% Generating 768 bit RSA keys ...[OK]
IOSFirewall(config)# ip ssh time-out 60
IOSFirewall(config)# ip ssh version 2 --> From 12.3(4)T only!
IOSFirewall(config)# line vty 0 4
IOSFirewall(config-line)# no exec --> turns off the EXEC process on these lines; omit it if you want a CLI prompt over SSH
IOSFirewall(config-line)# login local
IOSFirewall(config-line)# rotary 1 --> see 'ip ssh port' comment! Use only from 12.3(4)T!
IOSFirewall(config-line)# transport input ssh
IOSFirewall(config-line)# exit
IOSFirewall(config)# ip ssh port 2000 rotary 1 --> From 12.3(4)T only!
IOSFirewall(config)# username YourUserName password YourPassword

It is not complicated, and it is worth setting up.
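
To confirm that a router really ended up with the settings above, the following Python script audits a saved running-config for them (domain name, SSH version 2, ssh-only vty lines, local login with a user defined). It is an added example, not part of the original post; the sample config is constructed, and the names vty_blocks and audit are hypothetical.

```python
import re

# Constructed sample: vty 0 4 follows the post, vty 5 15 was left on telnet.
SAMPLE_CONFIG = """\
hostname IOSFirewall
ip domain-name YourDomainName
username YourUserName password YourPassword
ip ssh time-out 60
ip ssh version 2
line vty 0 4
 login local
 rotary 1
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def vty_blocks(config):
    """Return [(header, [sub-commands])] for every 'line vty' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = (raw.strip(), [])
            blocks.append(current)
        elif raw.startswith(" ") and current:
            current[1].append(raw.strip())  # indented = belongs to the block
        else:
            current = None                  # any other top-level line ends it
    return blocks

def audit(config):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("ip domain-name missing (needed for the RSA key name)")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("ip ssh version 2 not set: SSHv1 may be accepted")
    has_user = re.search(r"^username \S+ ", config, re.M) is not None
    for header, body in vty_blocks(config):
        transports = next((c.split()[2:] for c in body
                           if c.startswith("transport input")), None)
        if transports is None:
            findings.append(f"{header}: no 'transport input', default applies")
        elif transports != ["ssh"]:
            findings.append(f"{header}: transport input allows {' '.join(transports)}")
        if "login local" not in body:
            findings.append(f"{header}: 'login local' missing")
        elif not has_user:
            findings.append(f"{header}: 'login local' set but no username defined")
    return findings
```

Calling audit(SAMPLE_CONFIG) reports only the vty 5 15 block, which still accepts telnet and does not use local login.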