Tue 17 Apr 2007
This tutorial will show you how to enable SSH on a Cisco router. In order to use SSH for terminal access, you must have an image that supports encryption. Sometimes, but not always, the encryption feature set can be recognized by the ‘k9’ in the image name.








August 12th, 2007 at 2:32 am
Lr8 blinding…
really anyone will understand in a simple language..
well done mate.
Cheers
Pushkar Bhatkoti
October 15th, 2007 at 2:34 am
thank you.
December 19th, 2007 at 1:42 am
I try to do the same like that but when I try to connect, it displays:
login as:
password:
I don’t know what username and password I should use. Or do I need to configure a username and password first? Please instruct me!
Thanks
December 19th, 2007 at 8:40 am
@hhs
I have never experienced this before. Can you post the output? Start with logging into the router through the password: prompt.
Josh
December 19th, 2007 at 9:29 pm
I am using PuTTY.
- I put in the IP address, choose SSH as the connection type and then click Open.
- It displays one dialog, “PuTTY Security Alert”, and I click Yes.
- On the PuTTY window it shows:
Login as:
(I don’t know what to put here?)
@172.16.1.1’s password:
(I don’t know what to put)
* If I try the telnet password, it shows me Access denied and asks for a password again.
December 19th, 2007 at 11:23 pm
HHS,
It sounds like you have local authentication turned on. Did you configure a username and password? Did you start this configuration?
Try this…
If you can get into config mode via the console, enter this command with your own username and password.
‘username josh password Bl1ndh0g’
Josh
December 21st, 2007 at 2:02 am
Yeah, thanks. It’s working now. Thanks for your help.
February 13th, 2008 at 8:49 am
Josh,
I have a Cisco 3640 router and have followed your tutorial; however, when I try to log in using my established username and password it fails to authenticate my credentials. Again, I configured the domain name, generated the RSA key, set up a username and password but I cannot get logged in via SSH. Any ideas? I am using image c3640-ik9o3sw6-mz-122-8t. Thanks.
April 25th, 2008 at 4:16 am
Some new versions, where can I get downloads?
syed
May 14th, 2008 at 6:44 am
Good job... I understood in just two min.
Thanks!!
June 4th, 2008 at 8:28 pm
Good tutorial, needs revision, last 2 steps:
router(config)#aaa new-model
router(config)#username blindhog password blindhog
thx
June 4th, 2008 at 9:56 pm
@Ibrahim,
Good point. Here are two different tutorials for local and radius authentication with Microsoft Internet Authentication service.
http://www.blindhog.net/cisco-aaa-local-authentication/
http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/
Josh
August 31st, 2008 at 9:52 am
IOS = 3600 Software (C3660-JK9S2-M), Version 12.4(15)T,
After I successfully create the domain name, I then run:
ISP(config)#crypto key generate rsa usage-keys modulus 1024
The following is the result:
ISP(config)#crypto key generate rsa usage-keys modulus 1024
The name for the keys will be: ISP.TESTING
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
crypto_lib_keypair_get failed to get ISP.TESTING
ISP(config)#
Any idea why the failure?
thanks,
jim
August 31st, 2008 at 10:29 pm
Jim,
This one is new to me…
You might try a different IOS image. I was not able to replicate the issue in my lab with the hostname ISP and the domain TESTING.
Josh
September 5th, 2008 at 6:13 pm
Nice tutorial.
I echo Ibrahim’s comment (#12) that it’s worth including aaa new-model. While most real-world installations have this enabled, someone using this in a minimal lab environment might not, and then not understand why authentication fails.
I also recommend the following additional configuration options:
! Enable SSHv2 only (disables SSHv1)
ip ssh version 2
! Enable SSH only on virtual terminals (disables telnet)
line vty 0 4
transport input ssh
September 23rd, 2008 at 9:35 pm
Geoff,
You and Ibrahim are both correct. Thanks for sharing!
Josh
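The settings raised in the comments above (a local username, `aaa new-model`, `ip ssh version 2`, `transport input ssh`) can be checked against a saved running-config. This Python script is an added example, not part of the original post or comments; the sample config, the function names and the treatment of `login local` as the non-AAA alternative are assumptions made for illustration.

```python
import re

# Constructed sample running-config (not from the page): a domain name is set,
# but there is no local user, SSHv1 is still allowed and telnet is open.
SAMPLE_CONFIG = """\
hostname ISP
ip domain-name TESTING
!
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""

def vty_blocks(lines):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in lines:
        if line.startswith("line vty "):
            current = line
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None
    return blocks

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.rstrip() for l in config.splitlines()]
    top = [l for l in lines if l and not l.startswith(" ")]
    findings = []
    # The RSA key pair itself is not shown in the running-config, so only
    # its prerequisite (the domain name) can be checked here.
    if not any(re.match(r"ip domain[- ]name \S", l) for l in top):
        findings.append("no ip domain-name")
    if not any(re.match(r"username \S+ .*(password|secret) ", l) for l in top):
        findings.append("no local username")
    if "ip ssh version 2" not in top:
        findings.append("SSHv1 not disabled")
    aaa = "aaa new-model" in top
    for header, cmds in vty_blocks(lines).items():
        transport = [c for c in cmds if c.startswith("transport input ")]
        if transport != ["transport input ssh"]:
            findings.append(header + ": not restricted to SSH")
        if not aaa and "login local" not in cmds:
            findings.append(header + ": local usernames not used for login")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh(SAMPLE_CONFIG)))
```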