Configure SSH in Cisco Switch


Step 1: Setup hostname, domain-name and Management IP address

(config)# hostname corp-sw-01
(config)# ip domain-name
(config)# interface vlan 101
(config-if)# ip address


Step 2: Generate RSA key

(config)# crypto key generate RSA
The name for the keys will be:
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…
[OK] (elapsed time was 1 seconds)


Step 3: Create SSH account

(config)# username admin password ***********
(config)# enable secret password ***********

Step 4: Configure line vty

In traditional IOS, there were 5 lines for vty to support remote access and in future versions, there are 16 lines provided, vty 0 15 but there is no operational impact.

You need to enable ‘login local’ in the vty instead of just ‘login’. The latter doesn’t allow SSH, it prompts for username and password when you SSH to device, but doesn’t allow you to login even after you type correct username and password.

(config)# line vty 0 4
(config-line)# login local
(config-line)# transport input SSH
(config)# exit
In order to disable telnet over the other lines

(config-line) # line vty 5 15
(config-line) # no exec

Step 5: Verify SSH access

(config)# sh ip ssh
SSH Enabled – version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
And you may further want to encrypt the passwords in show run, specify the command

(config)# service password-encryption


Related Articles & Comments

Menu Title
%d bloggers like this: