When you configure a Cisco device, you need to use a console cable and connect directly to the system to access it. Follow the SSH setup below, will enable SSH access to your Cisco devices, since SSH is not enabled by default. Once you enable SSH, you can then access it remotely using SecureCRT or any other SSH client.
Set hostname and domain-name
The hostname has to have a hostname and domain-name.
switch# config t switch(config)# hostname tpw-switch tpw-switch(config)# ip domain-name thepacketwizard.com
Setup Management IP
In the following example, the management ip address will be set to 10.100.101.2 in the 101 VLAN. The default gateway points to the firewall, which is 10.100.101.1
tpw-switch# ip default-gateway 10.100.101.1 tpw-switch# interface vlan 101 tpw-switch(config-if)# ip address 10.100.101.2 255.255.255.0
Generate the RSA Keys
The switch or router should have RSA keys that it will use during the SSH process. So, generate these using crypto command as shown below.
tpw-switch(config)# crypto key generate rsa The name for the keys will be: tpw-switch.thepacketwizard.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus : 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Setup the Line VTY configurations
Setup the following line vty configuration, where input transport is set to SSH only. Set the login to local, and password to 7, and make sure Telnet is not enabled:
tpw-switch# line vty 0 4 tpw-switch(config-line)# transport input ssh tpw-switch(config-line)# login local tpw-switch(config-line)# password 7 tpw-switch(config-line)# exit
If you have not set the console line yet, use the following:
tpw-switch# line console 0 tpw-switch(config-line)# logging synchronous tpw-switch(config-line)# login local
Create the username password
If you don’t have an username created already, here is how:
tpw-switch# config t Enter configuration commands, one per line. End with CNTL/Z. tpw-switch(config)# username thepacketwizard password tpwpassword123 tpw-switch# enable secret tpwenablepassword
Make sure the password-encryption service is turned-on, which will encrypt the password, and when you do “show run”, you’ll see only the encrypted password and not clear-text password.
tpw-switch# service password-encryption
Verify SSH access
From the switch, if you do ‘show ip ssh’, it will confirm that the SSH is enabled on this Cisco device.
tpw-switch# show ip ssh SSH Enabled - version 1.99 Authentication timeout: 120 secs; Authentication retries: 3
After the above configurations, login from a remote machine to verify that you can ssh to this cisco switch.
In the example, 10.100.101.2 is the management ip-address of the switch.
TPW-Remote-Computer# ssh 10.100.101.2 login as: thepacketwizard Using keyboard-interactive authentication. Password: tpw-switch>en Password: tpw-switch#
You are now setup and logged in on SSH!
To read more on SSH visit: https://en.wikipedia.org/wiki/Secure_Shell