How to configure SSH version 2 on Cisco Devices (disable SSH version 1)

To enable Secure Shell (SSH) version 2 and disable version 1 on a Cisco router, an IOS image with 3DES encryption is required.

Follow these steps to enable SSH:
• Configure the hostname with the hostname command.
• Configure the DNS domain.
• Generate the RSA key pair to be used.
• Enable SSH transport support for the virtual type terminal (vty) lines.

Example SSH version 2 configuration:

hostname ssh-router
aaa new-model
username cisco password cisco
ip domain-name routers.local

! Specifies which RSA keypair to use for SSH usage.
ip ssh rsa keypair-name sshkeys

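! Enables the SSH server for local and remote authentication on the router.
! For SSH Version 2, the modulus size must be at least 768 bits.
! 768 bits is only the minimum; use a larger modulus (for example 2048) where the platform supports it.
crypto key generate rsa usage-keys label sshkeys modulus 768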

! Configures SSH control variables on your router.
ip ssh timeout 120

! Configure SSH version 2 (this disables SSH version 1).
ip ssh version 2

! Disable Telnet and enable SSH.
line vty 0 4
transport input ssh

Commands to verify SSH configuration:
• show ssh
• show ip ssh
• debug ip ssh
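
One way to check a saved configuration against the steps above (an added example, not part of the original post; the function names and the sample configuration are constructed for illustration, and the audit accepts both the `ip domain-name` and `ip domain name` spellings):

```python
import re

# Constructed sample: the page's settings plus a vty range that still accepts Telnet.
SAMPLE_CONFIG = """\
hostname ssh-router
ip domain-name routers.local
ip ssh version 2
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_transports(config):
    """Map each 'line vty' header to its transport input list (None if unset)."""
    vty, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.lower().split())
        if line.startswith("line "):
            # A transport input line belongs to the most recent line header.
            current = line if line.startswith("line vty ") else None
            if current:
                vty[current] = None
        elif current and line.startswith("transport input"):
            vty[current] = line.split()[2:]
    return vty

def audit_ssh(config):
    """Return findings as strings; an empty list means every check passed."""
    text, findings = config.lower(), []
    required = [
        (r"^[ \t]*hostname \S+", "hostname not set"),
        (r"^[ \t]*ip domain[- ]name \S+", "DNS domain not set"),
        (r"^[ \t]*ip ssh version 2[ \t]*$", "'ip ssh version 2' missing"),
    ]
    for pattern, message in required:
        if not re.search(pattern, text, re.M):
            findings.append(message)
    vty = vty_transports(config)
    if not vty:
        findings.append("no 'line vty' section found")
    for header, protos in vty.items():
        if protos is None:
            findings.append(f"{header}: no explicit 'transport input ssh'")
        elif protos != ["ssh"]:
            findings.append(f"{header}: transport input allows {' '.join(protos)}")
    return findings

if __name__ == "__main__":
    print(audit_ssh(SAMPLE_CONFIG) or "all checks passed")
```

The RSA modulus size is not checked because the key generation command is not stored in the configuration text.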
