Use the following commands in IOS to configure SSH. It may apply for all the IOx devices such as ISR819(C819), CGR1120/1240, and IR829/809.
| Command | Explanation |
|---|
enable | Enter privilege execution mode |
conf term | Enter configuration mode |
enable password cisco123 | create enable password |
username admin password cisco123 ip domain name lab.cisco.com | Create the "admin" user and password add a domain name |
crypto key generate rsa modulus 1024 label SSH | Create RSA keys for SSH |
ip ssh rsa keypair-name SSH | Associate the RSA keys with SSH |
| ip ssh version 2 | Enable SSH version 2 |
line vty 0 4 | Enable remote login |
transport input ssh telnet | Enable SSH access on the lines |
exec-timeout 0 | disble remote login timeout |
| login local | In case of "no aaa new-model". No need to run it if it is “aaa new-model”, for details, please refer to the notes at the end of this post. |
| interface GigabitEthernet2/1 | Begin configuring the interface for connection with ISP. If you connected another ethernet interface please substitute it's name in this command. |
| no switchport | Convert interface to Layer 3 |
ip address 172.27.170.127 255.255.255.0 | Set I/F IPv4 address. Substitute IPv4 address and mask here with IPv4 address (global static or private) |
no shutdown | Enable interface |
exit | Exit interface configuration |
| ip route 0.0.0.0 0.0.0.0 172.27.170.1 | Set default route. Substitute the gateway address. |
| exit | Exit configuration |
copy running startup | Save Config in Flash memory -- This may be deferred till all the configs have been tested.
|
Please notify, for the authentication, the aaa new-model command causes the local username and password on the router to be used in the absence of other AAA statements. Instead of no aaa new-model, you can use the login local command.
