Configuring SSH on the Cisco switch

iOS supports SSH for high-end products such as the 7200 series, 7500 series, and 12000 Series (GSR) in the Cisco routers product family. The iOS version of the general support SSH file name is K3 or K4 words, K3 for 56bit SSH encryption, K4 represents 168bit SSH encryption. iOS like my provincial network GSR 12016 and 12008 is a version that supports 56bit SSH encryption.

Cisco's products currently support only SSH-1 and do not support SSH-2. The following is a case of GSR 12008 for a detailed description of the configuration method for SSH-1 (italic word for configuration input commands):

① Configuring hostname and IP domain-name:

Router#configure terminal Router (config) #hostname test-gsr12008 test-gsr12008 (config) #ip domain-name Jx.cn.net

② Configure the login username and password (local authentication as an example):

test-gsr12008 (config) #username Test Password 0 Test Note: Add a User: Test, Password: Test test-gsr12008 (config) #line vty 0 4 test-gsr12008 (config-line) #login Local

After the two parts are done, you can see with the show Run command:

Hostname test-gsr12008 ! Boot system flash Gsr-k3p-mz.120-14.s.bin enable secret 5 $1$DMYW$GDSIOKCR7P8YTWCRWTNJG. Enable password 7 094f47c31a0a ! Username Test Password 7 0835495d1d clock timezone PRC redundancy main-cpu auto-sync Startup-config!!!! IP subnet-zero no ip finger IP domain-name jx.cn.net IP name-server 202.101.224.68 IP name-server 202.101.226.68 !

③ Configuring the SSH service:

test-gsr12008 (config) #crypto key generate RSA the name for the keys would be:test-gsr12008.jx.cn.net Note: SSH's keyword name is hostname +. +ip Domain-name Choose The size of the the key modulus in the range of the 2048 of a for your general Purpose Keys. Choosing a key modulus greater than to take a few minutes. How many bits in the modulus [512]: NOTE: Choose the number of encrypted bits, with the default on the line generating RSA keys ... [OK] test-gsr12008 (config) #end test-gsr12008#write Building configuration ...

At this point, you can see with the show Run command:

IP subnet-zero no ip finger IP domain-name jx.cn.net IP name-server 202.101.224.68 IP name-server 202.101.226.68 IP ssh time-out ip ssh authentication-retries 3 !

With the command show IP ssh can also be seen:

SSH enabled-version 1.5 authentication timeout:120 secs; Authentication Retries:3

Now that the SSH service is started, if you need to stop the SSH service, use the following command:

test-gsr12008 (config) #crypto key zeroize RSA

④ setting SSH Parameters

Once SSH is configured, we see the default parameters of SSH through the show Run command: The timeout is limited to 120 seconds and the number of authentication retries is 3, which can be modified by the following command:

test-gsr12008 (config) #ip ssh {[time-out seconds]} | [Authentication-retries Interger]}

If you want to change the timeout limit to 180 seconds, you should use:

test-gsr12008 (config) # IP SSH time-out 180

If you want to change the number of retries to 5 times, you should use:

test-gsr12008 (config) # ip ssh authentication-retries 5

This way, SSH has been successfully configured on the router and is able to log in securely via SSH.