What is SSH?
SSH, which stands for Secure Shell or Secure Socket Shell, is a network protocol that provides system administrators and other users with a safe method of connecting to a computer over an unprotected network. The collection of programs that carry out the SSH protocol is sometimes referred to as SSH. Secure Shell offers encrypted data transfers between two computers connected over an open network, such as the internet, in addition to robust password and public key authentication.
In addition to offering robust encryption, SSH is frequently used by network administrators to remotely administer systems and programs. It allows them to log in to another computer across a network, run commands, and transfer information between computers.
First, we need a Cisco router on which we will configure SSH for remote access, and a host computer from which we will access this router securely. Connect both devices with the appropriate cable.
Step-1: Hostname Config- A hostname configuration is required for generating SSH RSA keys.
Command:
Router(config)#hostname SSH-SERVER
Step-2: Domain Name Config- SSH key generation requires a domain name. This can be any name you choose for your network. You can use your company domain here.
Command:
SSH-SERVER(config)#ip domain-name example.com
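Step-3: Local User Create: Creates a user "admin" (or another name, as per your requirement) with privilege level 15 (full access) and an encrypted password. The 0 after "secret" means the password that follows is typed in plain text; the router stores it in hashed form. SSH login will use this account.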
Command:
SSH-SERVER(config)#username admin privilege 15 secret 0 admin0987
Step-4: RSA Key Generate- Generates the RSA key pair which will be used by SSH. Use at least 1024 bits, though 2048 is better for security if supported.
Command:
SSH-SERVER(config)#crypto key generate rsa
(The command prompts for the key size; here we use 1024 for the RSA key.)
Step-5: Enable SSH- Enforces SSHv2, which is more secure than SSHv1. SSHv1 is not used nowadays.
Command:
SSH-SERVER(config)#ip ssh version 2
Step-6: Virtual Line Config- Configure the virtual terminal (VTY) lines to accept secure SSH connections.
Command:
SSH-SERVER(config)#line vty 0 4
SSH-SERVER(config-line)#transport input ssh
SSH-SERVER(config-line)#login local
line vty 0 4 (VTY lines 0 to 4 will accept the SSH connection.)
transport input ssh (With this command, only SSH is allowed as the incoming protocol on these lines.)
login local (Logins are checked against the local user accounts created in Step-3.)
Step-7: SSH Test- To test SSH, connect a PC to the router.
From the test PC we can now connect to the router securely over SSH.
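To confirm that Steps 1 to 6 actually took effect, the saved configuration can be checked offline. The script below is an added example, not part of the original tutorial: it audits a running-config text for the settings described above, using a constructed sample config and hypothetical helper names (vty_blocks, audit). The RSA key from Step-4 does not appear in the running-config, so it is not checked here.

```python
import re

# Constructed running-config excerpt (not from a real device). The second
# vty block deliberately still allows Telnet so the audit has a finding.
SAMPLE_CONFIG = """\
hostname SSH-SERVER
ip domain-name example.com
username admin privilege 15 secret 5 <constructed-hash>
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login
"""

def vty_blocks(config):
    """Return (header, [sub-commands]) for each 'line vty' block."""
    blocks = re.findall(r"^(line vty [^\n]*)\n?((?: +[^\n]*\n?)*)", config, re.M)
    return [(h.strip(), [c.strip() for c in body.splitlines()]) for h, body in blocks]

def audit(config):
    """Return findings for the steps on this page that are missing."""
    findings = []
    m = re.search(r"^hostname (\S+)$", config, re.M)
    if not m or m.group(1) == "Router":  # "Router" is the default name
        findings.append("hostname not set (Step-1)")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("ip domain-name missing (Step-2)")
    if not re.search(r"^username \S+ .*\bsecret\b", config, re.M):
        findings.append("no local user with 'secret' (Step-3)")
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append("SSHv2 not enforced (Step-5)")
    for header, body in vty_blocks(config):
        if "transport input ssh" not in body:
            findings.append(f"{header}: transport input is not SSH-only (Step-6)")
        if "login local" not in body:
            findings.append(f"{header}: 'login local' missing (Step-6)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On many routers the VTY lines beyond 0 to 4 exist as a separate block, which is why the audit inspects every "line vty" block rather than only the one configured in Step-6.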