Configuring SSH on Cisco devices

There are multiple methods to manage a device, such as Telnet, SNMP, NETCONF, REST API, HTTP and HTTPS, but I think SSH is by far the most standard and robust method. Unlike telnet, SSH encrypts the session; it runs over TCP, and once the three-way handshake is done, the following steps occur to exchange the cryptographic parameters and start the encrypted data exchange:

  • SSH version and application detail sharing
  • Exchange of encryption, compression and MAC algorithms
  • Diffie-Hellman key exchange
  • Encrypted data transfer
[Figure: Cisco SSH transfer]

The following configuration is required on the router for SSH to work:

R1(config)#ip domain-name protocoholic.com
R1(config)#crypto key generate rsa
% You already have RSA keys defined named R1.protocoholic.com.
% Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 360 to 2048 for your
 General Purpose Keys. Choosing a key modulus greater than 512 may take
 a few minutes.

How many bits in the modulus [512]:1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
*Apr 19 13:52:06.545: %SSH-5-ENABLED: SSH 2.99 has been enabled
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#exit
R1(config)#username cisco privilege 15 password cisco
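The transcript above shows the minimum to get SSH up. As an added example (not part of the original post), here is the same configuration hardened the way it is normally deployed: a 2048-bit key with a label, SSHv2 forced, a hashed local credential instead of the reversible `password` keyword, `login local` on the vty lines so that local username is actually used for authentication, and an access-class restricting where SSH may come from. The hostname, domain name, username and the 192.0.2.0/24 management subnet are placeholders.

```text
! Added example, not from the original post. Hostname, domain name,
! username and the management subnet (192.0.2.0/24) are placeholders.
hostname R1
ip domain-name example.com
!
! 2048-bit key with an explicit label so the SSH server can be pinned
! to it; the 512/1024-bit sizes in the post are too small today.
crypto key generate rsa label SSH-KEY modulus 2048
ip ssh rsa keypair-name SSH-KEY
!
! Force SSHv2 only (a server that still accepts v1 reports "1.99")
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Hashed local credential instead of the reversible "password" keyword
username admin privilege 15 secret <strong-passphrase>
!
! Only allow SSH from the management network
ip access-list standard MGMT-SSH
 permit 192.0.2.0 0.0.0.255
 deny   any log
!
line vty 0 4
 ! use the local username/secret for vty logins
 login local
 ! SSH only, no Telnet, on the vty lines
 transport input ssh
 access-class MGMT-SSH in
 exec-timeout 10 0
!
! Verification (exec mode):
!   show ip ssh                   - confirms version 2.0 is in use
!   show ssh                      - active sessions and negotiated ciphers
!   show crypto key mypubkey rsa  - the key pair SSH is bound to
```

Without `login local` (or an AAA method list) the vty lines fall back to the line password, so a local `username` entry on its own is not enough for SSH logins; the access-class and the `deny any log` entry also give you a log line for every connection attempt from outside the management network.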

The following Wireshark capture is shown for reference:

[Figure: SSH Wireshark capture]

To access the Cisco router via SSH you can use any SSH client, such as PuTTY.

[Figure: PuTTY]

At this point you should be able to log in to the device via SSH. My next post in this series will explain the use of the Python library paramiko to SSH into the Cisco router.

If you are interested in how to SSH to a Cisco router from a Python program, you can check my blog post SSH with python.

Stay Tuned for more…

