
on 07-29-2014 10:54 AM
Use the following commands in IOS to configure SSH. They may apply to all IOx devices, such as the ISR819 (C819), CGR1120/1240, and IR829/809.
Command | Explanation |
---|---|
enable | Enter privileged EXEC mode |
conf term | Enter configuration mode |
enable password cisco123 | Create enable password |
username admin password cisco123 | Create the "admin" user and password |
ip domain name lab.cisco.com | Add a domain name |
crypto key generate rsa modulus 1024 label SSH | Create RSA keys for SSH |
ip ssh rsa keypair-name SSH | Associate the RSA keys with SSH |
ip ssh version 2 | Enable SSH version 2 |
line vty 0 4 | Enable remote login |
transport input ssh telnet | Enable SSH access on the lines |
exec-timeout 0 | Disable remote login timeout |
login local | Needed with "no aaa new-model". Not needed with "aaa new-model"; for details, see the note at the end of this post. |
interface GigabitEthernet2/1 | Begin configuring the interface for connection with the ISP. If you connected another Ethernet interface, substitute its name in this command. |
no switchport | Convert interface to Layer 3 |
ip address 172.27.170.127 255.255.255.0 | Set the interface IPv4 address. Substitute your own IPv4 address and mask (global static or private). |
no shutdown | Enable interface |
exit | Exit interface configuration |
ip route 0.0.0.0 0.0.0.0 172.27.170.1 | Set default route. Substitute the gateway address. |
exit | Exit configuration |
copy running startup | Save Config in Flash memory -- This may be deferred till all the configs have been tested. |
Please note that, for authentication, the aaa new-model command causes the local username and password on the router to be used in the absence of other AAA statements. If the router is running no aaa new-model, use the login local command instead.
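
An added example, not part of the original post: a small Python check that flags the settings in the command table that weaken remote access (`password` instead of `secret`, a 1024-bit RSA modulus, Telnet left enabled beside SSH, a disabled idle timeout), run against the page's commands and a tightened variant. The 2048-bit threshold, the finding names, the `EXAMPLE-ONLY` passwords and the tightened variant are assumptions of this example.

```python
import re

# Constructed input: the table's commands, line sub-commands indented as in a config listing.
PAGE_CONFIG = """\
enable password cisco123
username admin password cisco123
crypto key generate rsa modulus 1024 label SSH
ip ssh version 2
line vty 0 4
 transport input ssh telnet
 exec-timeout 0
 login local
"""

# Constructed input: the same steps with each weak setting tightened (passwords are placeholders).
HARDENED_CONFIG = """\
enable secret EXAMPLE-ONLY
username admin secret EXAMPLE-ONLY
crypto key generate rsa modulus 2048 label SSH
ip ssh version 2
line vty 0 4
 transport input ssh
 exec-timeout 10 0
 login local
"""

def audit(config):
    """Return sorted finding names for weak remote-access settings."""
    findings, in_vty = set(), False
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    for line in lines:
        cmd = line.strip()
        if not line.startswith(" "):  # a top-level command leaves any line block
            in_vty = cmd.startswith("line vty")
        if re.match(r"(enable|username \S+) password\b", cmd):
            findings.add("weak-password-storage")  # cleartext or reversible type 7
        m = re.search(r"crypto key generate rsa\b.*\bmodulus (\d+)", cmd)
        if m and int(m.group(1)) < 2048:  # assumed minimum for this example
            findings.add("short-rsa-key")
        if in_vty and re.match(r"transport input\b.*\b(telnet|all)\b", cmd):
            findings.add("telnet-enabled")  # cleartext login offered beside SSH
        if in_vty and re.match(r"exec-timeout 0( 0)?$", cmd):
            findings.add("no-idle-timeout")  # sessions never expire
    if not any(l.strip() == "ip ssh version 2" for l in lines):
        findings.add("sshv2-not-enforced")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(PAGE_CONFIG), audit(HARDENED_CONFIG))
```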

Note: for many versions of IOS, SSHv2 has a 'behavior' that stops Linux ssh/ssl from connecting. I believe this was due to changes in ssl after the Heartbleed bug.
The workaround is to edit your ssh config as follows:
----------snip------------
Host *
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
StrictHostKeyChecking no
----------snip------------
This reorders the key exchange algs and allows a Linux user to ssh (ssh -2) to a Cisco router.
SSH v1 does not seem to have this issue, but if you want to use something that needs SSHv2 (like netconf, for example), this fix will allow you to get SSHv2 working again.