In this article we will learn how to enable access by SSH (Secure Shell) to a Cisco router.
Why enable SSH? Is not Telnet enough?
No, the telnet is an access protocol for managing routers and other devices that is famous for the lack of security it offers. The non-encrypted communication and with any packet analyzer such as Wireshark you can capture the commands that are sent to the router.
To ensure secure data access and transmission, we recommend using the SSH v2 protocol. That Encrypt communications and prevents them from being intercepted.
How do we enable SSH to a Cisco Router?
- We connect by console to the Cisco router. For more info follow thislink. If you already have Telnet access, you can also do so.
- We access the console and we will have to put the following commands:
We enter router configuration mode
Configure the router name
We configure the domain, since without it you will not be able to generate the rsa keys.
R_Movingit(config)#ip domain-name moving-it.net
Next we generate the encryption key.
R_Movingit(config)#crypto key generate rsa 1028
Once generated, we will add some SSH configuration commands.
If the user does not enter any user or password within 30 seconds, the connection will be automatically closed.
R_Movingit(config)#ip ssh time-out 30
We also configure a maximum of 3 successful authentication attempts.
R_Movingit(config)#ip ssh authentication-retries 3
We enable the ssh protocol of version 2 which is more secure.
R_Movingit(config)#ip ssh version 2
We will now create a user with privilege 15 (the maximum you can access without having to enter the enable password).
R_Movingit(config)#username admin privilege 15 password cisco
We will now configure the line we will enter, in this case by network which are the lines vty 0 4.
R_Movingit(config)#line vty 0 4
We enable that it can only be accessed by ssh.
R_Movingit(config-line)#transport input ssh
The user who will be able to access through this line are the ones defined by hand “in local”.
Uala!! We already have SSH access enabled. Try it out and if you have any problems don’t hesitate to add your comments.
Cheers and see you on the nets!!