I assume you are missing the crypto and ip ssh commands in your global configuration mode.
That would mean that your IOS image is lacking the crypto support. Have a look at the show
version output:
Note the underlined letters in the above output. The K9 code means that your IOS image
contains the crypto support. If the K9 is not shown (i.e. it says IPBASE-M or IPSERVICES-M only)
then your IOS does not have the crypto feature set and you will need to upgrade it.

Then, create an RSA encryption key pair for the router to use for
authentication and encryption of the SSH data. One of the questions you
must answer during this process is the modulus size of the key. Make sure
the key modulus is at least 768 bits. Here's an example:

As you can see from this example, after the system generates the key,
you'll receive a message that it has automatically enabled SSH 1.5 on the
router. To clarify, SSH 1.5 is Cisco's way of saying this router is running
SSH1. If the system has enabled support for both SSH1 and SSH2, this
message would say SSH 1.99. If the system has only enabled support for
SSH2, the message would say SSH 2.0.
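
The following Python example is added here and is not part of the original page or any Cisco tooling. It applies the K9 image check and the SSH 1.5 / 1.99 / 2.0 mapping described above to saved device output. The sample strings are constructed, the function names are hypothetical, and reporting SSH1 as a finding is this example's own policy.

```python
import re

# Version token the router reports -> SSH protocol versions it will accept,
# per the mapping described in the text (1.5 = SSH1, 1.99 = both, 2.0 = SSH2).
SSH_MODES = {"1.5": {1}, "1.99": {1, 2}, "2.0": {2}}

def image_has_crypto(show_version):
    """True if the parenthesised image name carries the K9 crypto code."""
    m = re.search(r"\(([\w-]+)-M\)", show_version)
    if not m:
        raise ValueError("no image name such as (PLATFORM-FEATURESET-M) found")
    return "K9" in m.group(1).upper()

def ssh_versions(text):
    """Versions from 'SSH 1.5 has been enabled' or 'SSH Enabled - version 1.99'."""
    m = re.search(r"SSH (?:Enabled - version )?(\d\.\d+)", text)
    if not m:
        return set()          # no status message: SSH server is not running
    if m.group(1) not in SSH_MODES:
        raise ValueError("unknown SSH version token " + m.group(1))
    return SSH_MODES[m.group(1)]

def audit(show_version, keygen_log, min_modulus=768):
    """Return findings; min_modulus defaults to the minimum the text gives."""
    if not image_has_crypto(show_version):
        return ["image lacks K9: crypto and ip ssh commands unavailable"]
    findings = []
    m = re.search(r"Generating (\d+) bit RSA keys", keygen_log)
    if not m:
        findings.append("no RSA key generation seen")
    elif int(m.group(1)) < min_modulus:
        findings.append("RSA modulus %s bits is below %d" % (m.group(1), min_modulus))
    versions = ssh_versions(keygen_log)
    if not versions:
        findings.append("SSH not enabled")
    elif 1 in versions:       # this example's policy: report any SSH1 exposure
        findings.append("SSH1 accepted (versions %s)" % sorted(versions))
    return findings

# Constructed samples, not captured from a real device ("Version X" is a placeholder).
SHOW_VERSION = "Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version X"
KEYGEN_LOG = ("% Generating 1024 bit RSA keys ...[OK]\n"
              "%SSH-5-ENABLED: SSH 1.5 has been enabled")

if __name__ == "__main__":
    for finding in audit(SHOW_VERSION, KEYGEN_LOG):
        print(finding)
```

Pass a higher `min_modulus` to match your own key-size policy.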

You can also configure SSH settings if you choose. To do so, use the ip
ssh command with whichever parameters you choose to set. (Different IOS
versions have different options because they support different versions of
SSH.) Here's an example:

To view the status of SSH, you can use the following commands:

You can use a device's built-in SSH client to connect to other SSH servers.
The Privileged Mode command is ssh. Here's an example:
TR-Router# ssh ?
  -c    Select encryption algorithm
  -l    Log in using this username
  -o    Specify options
  -p    Connect to this port
  WORD  IP address or hostname of a remote system
TR-Router# ssh