SSH is a secure method of connecting to a router. Unlike Telnet (TCP port 23), SSH (TCP port 22) sets up a secure channel before usernames, passwords, and data are sent across the connection. It's a simple setup to configure on the router or swich. The only caveat is that you are required to have an SSH client installed on your workstation to connect. And if you're using Linux (well this is LinuxDynasty afterall), then you've got SSH built-in!

So here's the configuration (of course these are typed in at the configuration level):

1. Type "ip domain-name yourdomain.com", and press the Enter key. Item in green is specific to your environment.
   
2. Type, "ip ssh time-out 20", and press the Enter key.
3. Type "ip ssh authentication-retries 3", and press the Enter key.
4. Type, "ip ssh logging events", and press the Enter key.
5. Type "crypto key generate rsa", and press the Enter key. You'll see this message:

          Choose the size of the key modulus in the range of 360 to 2048 for your

          General Purpose Keys. Choosing a key modulus greater than 512 may take

          a few minutes.

         How many bits in the modulus [512]:

     6.  Press the Enter key

 Now your router or switch is ready to accept SSH connections.

------------------------------------------------------------------------------------------------------------------------------------------ 

***Optional additional configuration to lock down connections on the vty lines to SSH ONLY!***

 Type "line vty 0 4", and press the Enter key.

Type "transport input ssh", and press the Enter key.

Now even without an access list the router will not accept Telnet (TCP port 23) connections, but will accept all SSH connections.

---

Add this page to your favorite Social Bookmarking websites