Configuring SSH services on a Cisco router currently Cisco products only support SSH-1, not SSH-2. The following uses GSR 12008 as an example to describe the configuration method of the SSH-1 (configuration input command in italic): ① configure hostname and ip domain-name: Router # configure terminal Router (config) # hostname TEST-GSR12008 TEST-GSR12008 (config) # ip domain-name jx.cn.net ② configure the login user name and password (take local authentication as an example): TEST-GSR12008 (config) # username test password 0 test note: add a user: test, password: test TEST-GSR12008 (config) # line vty 0 4 TEST-GSR12008 (config-line) # login local after these two sections are done, run the show run command to see the hostname TEST-GSR12 008! Boot system flash gsr-k3p-mz.120-14.S.bin enable secret 5 $1 $ DMyW $ gdSIOkCr7p8ytwcRwtnJG. enable password 7 094F47C31A0A! Username test password 7 0835495D1D clock timezone PRC 16 redundancy main-cpu auto-sync startup-config!!!! Ip subnet-zero no ip finger ip domain-name jx.cn.net ip name-server 202.101.224.68 ip name-server 202.101.226.68! ③ Configure SSH service: TEST-GSR12008 (config) # crypto key generate rsa The name for the keys will be: TEST-GSR12008.jx.cn.net Note: SSH keyword name is hostname +. + ip domain-name Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. choosing a key modulus greater than 512 may take a few minutes. how many bits in the modulus [512]: Note: select the number of encrypted digits, and Generating RSA keys... [Okay] TEST-GSR12008 (config) # end TEST-GSR12008 # write Building configuration... At this time, run the show run command to see: ip subnet-zero no ip finger ip domain-name jx.cn.net ip name-server 202.101.224.68 ip name-server 202.101.226.68 ip ssh time-out 120 ip ssh authentication-retries 3! Run the show ip ssh command to see SSH Enabled-version 1.5 Authentication timeout: 120 secs; Authentication retries: 3 now the SSH service has been started. To stop the SSH service, run the following command: TEST-GSR12008 (config) # crypto key zeroize rsa ④ set the SSH parameter After configuring SSH, through the show run command we see SSH default parameter: timeout is limited to 120 seconds, authentication retries are 3, you can modify through the following command: TEST-GSR12008 (config) # ip ssh {[time-out seconds]} | [authentication-retries interger]} if you want to change the timeout limit to 180 seconds, you should use: TEST-GSR12008 (config) # ip ssh ti Me-out 180 if you want to change the number of retries to 5, you should use: TEST-GSR12008 (config) # ip ssh authentication-retries 5, SSH has been configured successfully on the router, you can use SSH to log on securely.