How to configure SSH on your router

August 13, 2008 by qospf

[taken from IE VOL1 workbook]

It’s best to only allow SSH access on your VTY ports. Here’s how you can do it:

1) Configure a domain name on your router:

Rack1R4(config)#ip domain-name internetworkexpert.com

2) Generate the keys:

Rack1R4(config)#crypto key generate rsa general-keys modulus 512

3) Configure the VTY ports with SSH access only:

Rack1R4(config)#line vty 0 4

Rack1R4(config-line)#transport input ssh

4) enable local login for your VTY ports:

Rack1R4(config-line)#login local

5) Don’t forget to configure a local username/password

Rack1R4(config)#username CISCO password CISCO

[make sure you also have an enable password configured]

THAT’S IT!

-qospf

on October 30, 2008 at 8:57 am pello

Hello, ip domain-name is not mandatory if you specify a label to the crypto key generate rsa command.

Cheers,
Francois
on June 13, 2009 at 1:39 am Kamil

I think that ip domail-name is important option here

CCNA,CCNP,CCIE

Another CCIE blog