Setting up SSH Secure Shell

To enable secure access to your Cisco device, you can use SSH instead of Telnet. SSH uses encryption to secure data from eavesdropping.

To enable SSH, the following steps are required:

1. set up a hostname and and a domain name.
2. configure local username and password.
3. generate RSA public and private keys.
4. allow only SSH access.

The following example shows the configuration of the first three steps:

Router(config)#hostname R1
R1(config)#ip domain-name cisco
R1(config)#username study password ccna
R1(config)#crypto key generate rsa
The name for the keys will be:
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

*Jun 8 16:46:45.407: %SSH-5-ENABLED: SSH 1.99 has been enabled

First, we have defined the device hostname by using the hostname R1 command. Next, we have defined the domain name by using the ip domain-name cisco command. After that, the local user is created by using the username study password ccna command. Next, we need to enable only the SSH access to a device. This is done by using the transport input ssh command:

R1(config)#line vty 0 15
R1(config-line)#login local
R1(config-line)#transport input ssh


If we use the transport input ssh command, the telnet access to the device is automatically disabled.

You should use the more recent version of the protocol, SSH version 2. This is done by using the ip ssh version 2 global configuration command.

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: