How to enable SSH on Cisco device?

Technology: Device Management
Area: SSH
Vendor: Cisco
Software: 12.X , 15.X, Crypto Images
Platform: Catalyst 2960-X, Catalyst 3560, ISR Routers

Secure Shell (SSH) allows encrypted communication with devices. How to enable SSH on Cisco device? You need to have crypto image (or license supporting SSH). First, generate RSA keys for encryption. To generate them you need to specify hostname of device and any domain name.


Router(config)#hostname Router-Branch
Router-Branch(config)#ip domain-name grandmetric.labs
Router-Branch(config)#crypto key generate rsa
The name for the keys will be: Router-Branch.grandmetric.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
! generate keys
Router-Branch(config)#%SSH-5-ENABLED: SSH 1.99 has been enabled

To enable ssh authentication you need to configure at least local username and password (SSH doesn’t allow loging without user/pass pair):

Router(config)#username testuser privilege 15 secret GMSL@BS

And create authentication list pointing to local database of users

Router(config)#aaa new-model
Router(config)#aaa authentication login default local
Router(config)#line vty 0 15
Router(config-line)#transport input ssh