Today I am going to discuss SSH configuration and the SSH configuration options on routers in a little more detail. Using Cisco Packet Tracer, I will show you not only how to configure SSH on a Cisco router but also how to configure the other SSH settings on the router properly. Before we go further, I would like to brief you on the steps I will follow in this lab.
Even if you have only basic knowledge of networking, you can easily understand this lab and configure SSH on any router along with all the other settings.
1. Configure the router interface, assign the IP address and gateway IP on the PC, and then verify communication using the ping command.
2. Configure the hostname and domain name for the router.
3. Configure the RSA key.
4. Enable SSH v2.
5. Configure other settings for SSH.
6. Create a user account and password for SSH with higher privilege.
7. Configure the VTY lines for SSH.
8. Check the SSH connection from the remote PC.
9. Check the SSH version and other settings.
10. Check the public key you created.
Now let's go through the steps one by one, as listed above.
First we will assign IP addresses to the PC and the router interface as shown in the topology diagram above.
At the same time we can configure the hostname and domain name.
Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname cisco
cisco(config)#ip domain-name ccna.com
cisco(config)#int fa0/0
cisco(config-if)#ip add 1.0.0.1 255.0.0.0
cisco(config-if)#no shut
Configure a 1024-bit RSA key on the Cisco router:
cisco(config)#crypto key generate rsa
The name for the keys will be: cisco.ccna.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Enable SSH version 2 on the Cisco router:
cisco(config)#ip ssh version 2
*Mar 1 0:3:26.375: %SSH-5-ENABLED: SSH 1.99 has been enabled
cisco(config)#
Configure the maximum number of login attempts for security reasons.
Also configure the SSH time-out.
cisco(config)#ip ssh authentication-retries 3
cisco(config)#ip ssh time-out 60
Configure a username with an encrypted password using the secret keyword.
Here the password is linux123.
cisco(config)#username admin privilege 15 secret linux123
Configure VTY Line for SSH
cisco(config)#line vty 0 4
cisco(config-line)#transport input ?
all All protocols
none No protocols
ssh TCP/IP SSH protocol
telnet TCP/IP Telnet protocol
cisco(config-line)#transport input ssh
cisco(config-line)#privilege level 15
cisco(config-line)#login local
You can see above that we selected ssh as the transport input, so Telnet and every other protocol are now disabled on these lines.
Now it's time to go to the PC and check its IP address:
Packet Tracer PC Command Line 1.0
PC>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::205:5EFF:FECE:2619
IP Address......................: 1.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 1.0.0.1
Now test the SSH connection from the PC to the router:
PC>ssh -l admin 1.0.0.1
Open
Password:
cisco#
Time to cross-check the SSH version and the other settings we configured.
cisco#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 3
Time to check the public key that was generated:
cisco#show crypto key mypubkey rsa
% Key pair was generated at: 0:3:12 UTC Mar 1 1993
Key name: cisco.ccna.com
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:
00003cc5 00006575 00007e8d 0000173b 00000900 00000937 00002d2d 000023ed
00006671 00007e88 00005b89 00004824 00005d2c 00001c80 00007672 0000273e
000005a1 00005217 00004808 00005daa 00005a15 000001d2 000074cf 59aa
% Key pair was generated at: 0:3:12 UTC Mar 1 1993
Key name: cisco.ccna.com.server
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
00003c53 000040a2 00004f06 00003156 0000039e 00007c09 00007434 000019e5
000026eb 00004b7e 00006903 00006428 0000574d 00007113 00002751 00002257
00001eb1 00004d55 00005285 00005b10 000056cb 00004a73 0000061f 6d9d
cisco#
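An added example, not part of the original article: a Python check that audits a saved running-config for the SSH settings configured above and reports what the steps did not cover, such as extra vty lines beyond 0 4 that still accept Telnet. The sample config, the account name ops and the placeholder values are constructed, and only explicit values looser than the article's (3 retries, 60 seconds) are flagged.

```python
import re

# Constructed sample: the article's vty 0 4 settings on a device that also has vty 5 15.
SAMPLE = """\
ip ssh time-out 120
username admin privilege 15 secret 5 HASH-PLACEHOLDER
username ops password 0 PLACEHOLDER
line vty 0 4
 privilege level 15
 login local
 transport input ssh
line vty 5 15
 login
 transport input all
"""

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    findings, lines = [], config.splitlines()
    # "SSH 1.99" in the router log means v1 and v2 are both accepted until v2 is pinned.
    if "ip ssh version 2" not in (l.strip() for l in lines):
        findings.append("ip ssh version 2 not set")
    # Flag explicit values looser than the article's (3 retries, 60 seconds).
    for key, limit in (("authentication-retries", 3), ("time-out", 60)):
        m = re.search(rf"^ip ssh {key} (\d+)\s*$", config, re.M)
        if m and int(m.group(1)) > limit:
            findings.append(f"ip ssh {key} {m.group(1)} exceeds {limit}")
    # `username ... password` is stored in clear or reversibly; `secret` is hashed.
    for l in lines:
        if m := re.match(r"username (\S+) (?:.* )?password ", l):
            findings.append(f"user {m.group(1)} uses password instead of secret")
    # Collect the indented body of every `line vty` block, not just 0 4.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line vty"):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current:
            blocks[current].append(l.strip())
        else:
            current = None
    for name, body in blocks.items():
        if "transport input ssh" not in body:
            findings.append(f"{name}: transport input is not ssh-only")
        if "login local" not in body:
            findings.append(f"{name}: login local missing")
    return findings

print("\n".join(audit_ssh(SAMPLE)))
```

Feed it the text of `show running-config` saved from the router; a config that matches the article on every vty block returns an empty list.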
very informative article sir. Great work 👍👍