How to enable SSH login access to a Cisco 800 Series
So you want to be able to secure your router so that it is necessary to ssh into it rater than just telnet in.
If this is being used as an ADSL or DSL router like in the article “Setting up a Cisco 800 series for ADSL”
NOTE: This should work with any Cisco 800 Series router including the Cisco 801 Cisco 827 Cisco 837 Cisco 877 and Cisco 877W routers provided the Cisco IOS on the router supports ssh
Firstly is ssh enabled?
router#sh ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH.
Authentication timeout: 60 secs; Authentication retries: 5
In this case its not, if you got a error saying that sh ip ssh is not recognized then you would know that ssh is not supported or possibly that the command is different for your platform.
How to enable SSH on a Cisco 800 series
router# config term
router(config)#crypto key generate rsa usage-keys label router-key
The name for the keys will be: router-key
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
Choose the size of the key modulus in the range of 360 to 2048 for your
Encryption Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
router (config)#
000047: *Mar 1 20:40:50.843 UTC: %SSH-5-ENABLED: SSH 1.99 has been enabled
router (config)#exit
According to the line above SSH has been enabled, we can confirm this by running the sh ip ssh command again.
router#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
router#
Now setting the router up to accept ssh logins
Usually it will anyway because by default the transport is set to all
transport preferred all
transport input all
But we want to change that
Router#conf t
!
line vty 0 4
access-class 1 in
exec-timeout 30 0
privilege level 15
login local
transport preferred ssh
transport input ssh
!
Write your config and test it.
So you want to be able to secure your router so that it is necessary to ssh into it rater than just telnet in.
If this is being used as an ADSL or DSL router like in the article “Setting up a Cisco 800 series for ADSL”
NOTE: This should work with any Cisco 800 Series router including the Cisco 801 Cisco 827 Cisco 837 Cisco 877 and Cisco 877W routers provided the Cisco IOS on the router supports ssh
Firstly is ssh enabled?
router#sh ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH.
Authentication timeout: 60 secs; Authentication retries: 5
In this case its not, if you got a error saying that sh ip ssh is not recognized then you would know that ssh is not supported or possibly that the command is different for your platform.
How to enable SSH on a Cisco 800 series
router# config term
router(config)#crypto key generate rsa usage-keys label router-key
The name for the keys will be: router-key
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
Choose the size of the key modulus in the range of 360 to 2048 for your
Encryption Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
router (config)#
000047: *Mar 1 20:40:50.843 UTC: %SSH-5-ENABLED: SSH 1.99 has been enabled
router (config)#exit
According to the line above SSH has been enabled, we can confirm this by running the sh ip ssh command again.
router#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
router#
Now setting the router up to accept ssh logins
Usually it will anyway because by default the transport is set to all
transport preferred all
transport input all
But we want to change that
Router#conf t
!
line vty 0 4
access-class 1 in
exec-timeout 30 0
privilege level 15
login local
transport preferred ssh
transport input ssh
!
Write your config and test it.
Comments