
Summary: (Required Crypto Image)

Router(config)# hostname TR-Router
TR-Router(config)# ip domain-name TechRepublic.com
TR-Router(config)# crypto key generate rsa
TR-Router# show ip ssh

TR-Router(config)# line vty 0 4
TR-Router(config-line)# login local
TR-Router(config-line)# transport input telnet ssh
TR-Router(config-line)# transport output telnet ssh

I assume you are missing the crypto and ip ssh commands in your global configuration mode.
That would mean that your IOS image is lacking the crypto support. Have a look at the show
version output:

Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(37)SE, RELEASE SOFTWARE (fc3)

Note the underlined letters in the above output. The K9 code means that your IOS image
contains the crypto support. If the K9 is not shown (i.e. it says IPBASE-M or IPSERVICES-M only)
then your IOS does not have the crypto feature set and you will need to upgrade it.

First, make sure your router has a hostname by using the hostname
command. Here's an example:

Router(config)# hostname TR-Router

Next, configure a domain name on your router using the ip domain-name
command. Here's an example:

TR-Router(config)# ip domain-name yyyyyyyyy.com

Then, create an RSA encryption key pair for the router to use for
authentication and encryption of the SSH data. One of the questions you
must answer during this process is the modulus size of the key. Make sure
the key modulus is at least 768 bits. Here's an example:

TR-Router(config)# crypto key generate rsa
The name for the keys will be: TR-Router.TechRepublic.com
Choose the size of the key modulus in the range of 360 to 2048
for your General Purpose Keys. Choosing a key modulus greater than
512 may take a few minutes.
How many bits in the modulus [512]: 768
% Generating 768 bit RSA keys ...[OK]
TR-Router(config)#
*Mar 1 00:17:13.337: %SSH-5-ENABLED: SSH 1.5 has been enabled
TR-Router(config)#

As you can see from this example, after the system generates the key,
you'll receive a message that it has automatically enabled SSH 1.5 on the
router. To clarify, SSH 1.5 is Cisco's way of saying this router is running
SSH1. If the system has enabled support for both SSH1 and SSH2, this
message would say SSH 1.99. If the system has only enabled support for
SSH2, the message would say SSH 2.0.

You can also configure SSH settings if you choose. To do so, use the ip
ssh command with whichever parameters you choose to set. (Different IOS
versions have different options because they support different versions of
SSH.) Here's an example:

TR-Router(config)# ip ssh ?
  authentication-retries  Specify number of authentication retries
  port                    Starting (or only) port number to listen on
  rsa                     Configure RSA keypair name for SSH
  source-interface        Specify interface for source address in SSH connections
  time-out                Specify SSH time-out interval
TR-Router(config)# ip ssh

Configuring optional SSH settings completes the process of configuring
SSH on the router. Now, let's take a look at showing the SSH status.

To view the status of SSH, you can use the following commands:

• Use show ip ssh to view SSH settings.
• Use show ssh to view SSH connections.

Here's an example:

TR-Router# show ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
TR-Router# show ssh
%No SSH server connections running.
TR-Router#
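
The checks described on this page (K9 in the image name, the version string reported by show ip ssh, and the transport line under line vty) can be scripted for review across many devices. The following Python sketch is an added example, not part of the original page; the function names are hypothetical and the sample text is constructed from the output shown above. Flagging Telnet on the vty lines and any SSH version other than 2.0 is an assumed review policy of this example.

```python
import re

# Constructed sample input, assembled from the command output shown on this page.
SAMPLE_SHOW_VERSION = ("Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), "
                       "Version 12.2(37)SE, RELEASE SOFTWARE (fc3)")
SAMPLE_SHOW_IP_SSH = ("SSH Enabled - version 1.5\n"
                      "Authentication timeout: 120 secs; Authentication retries: 3\n")
SAMPLE_VTY_CONFIG = "line vty 0 4\n login local\n transport input telnet ssh\n"

# What each reported version string means, as explained in the text above.
SSH_VERSIONS = {"1.5": "SSH1 only", "1.99": "SSH1 and SSH2", "2.0": "SSH2 only"}


def image_has_crypto(show_version):
    """Return True if the image name, e.g. (C3560-IPBASEK9-M), contains K9."""
    match = re.search(r"Software \(([^)]+)\)", show_version)
    return bool(match) and "K9" in match.group(1).upper()


def audit(show_version, show_ip_ssh, vty_config):
    """Hypothetical helper: return a list of findings for one device."""
    findings = []
    if not image_has_crypto(show_version):
        findings.append("image has no K9 crypto feature set")
    match = re.search(r"SSH Enabled - version (\d+\.\d+)", show_ip_ssh)
    if match is None:
        findings.append("SSH server is not enabled")
    elif match.group(1) != "2.0":
        meaning = SSH_VERSIONS.get(match.group(1), "unknown")
        findings.append("SSH version %s (%s)" % (match.group(1), meaning))
    for line in vty_config.splitlines():
        words = line.split()
        # Assumed policy: Telnet is cleartext, so flag it on vty lines.
        if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
            findings.append("vty accepts Telnet: " + line.strip())
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SHOW_VERSION, SAMPLE_SHOW_IP_SSH, SAMPLE_VTY_CONFIG):
        print("FINDING:", finding)
```
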

SSH debug commands are also available by using the debug ip ssh
command.

You can use a device's built-in SSH client to connect to other SSH servers.
The Privileged Mode command is ssh. Here's an example:

TR-Router# ssh ?
-c Select encryption algorithm
-l Log in using this username
-o Specify options
-p Connect to this port
WORD IP address or hostname of a remote system
TR-Router# ssh
