There are 3 main steps to follow in order to set up SSH on a Cisco switch. Each of the 3 parts has a few sub-steps as well. One thing you will have to decide early on is how you are going to authorize your users: are you going to use a local username/password database on the switch, or are you going to manage it centrally using a RADIUS server?
For this example we are going to use local usernames and passwords. This allows the post to remain a bit more Cisco neutral and gives you a foundation for when you are ready to tackle RADIUS authentication. I hope in a few weeks to post on how to do it with a Microsoft RADIUS server.
Cisco SSH Setup – Part One
- First enter global configuration mode by typing “conf t”
- Enter VTY configuration. Type “line vty 0 15”
- Edit the Telnet/SSH authentication by typing “login local”. This will tell the switch to use its own local database.
- Type “exit” to leave the VTY line configuration
Cisco SSH Setup – Part Two
- Add a local user account to the switch. To do this type: “username jared password MySecretPassword”.
Cisco SSH Setup – Part Three
- Specify the domain name: “ip domain-name domain.com”
- Create the key: “crypto key generate rsa”
- Tell it to use 1024 bits
- Tell the switch to use SSH ver. 2: “ip ssh version 2”
Bonus SSH Setup Step
- Prevent people from using telnet and force people to use SSH. Type: “transport input ssh”. This command has to be run under the “vty line configuration”.
Once you have tested the login you will want to test the username and password combo 🙂
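An added example (not part of the original post): a short Python check that reads saved `show running-config` text and reports which of the settings from the steps above are missing, per vty block. The sample config and the name `audit_ssh_config` are constructed for illustration; it assumes vty lines may be split into separate blocks such as `line vty 0 4` and `line vty 5 15`, so a setting applied to one range can be missing from the other.

```python
import re

# Constructed sample (not from the original post); the second vty block shows the failure mode.
SAMPLE_CONFIG = """\
ip domain-name domain.com
username jared password MySecretPassword
ip ssh version 2
!
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

# Label -> regex; some IOS releases display the domain command as "ip domain name".
REQUIRED_GLOBAL = {
    "ip domain-name": r"ip domain[- ]name \S+",
    "username": r"username \S+ ",
    "ip ssh version 2": r"ip ssh version 2$",
}
REQUIRED_VTY = ("login local", "transport input ssh")

def audit_ssh_config(config):
    """Return findings; an empty list means every checked setting is present."""
    global_lines, vty_blocks, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():          # unindented: a global command
            is_vty = re.fullmatch(r"line vty \d+( \d+)?", line)
            current = vty_blocks.setdefault(line, []) if is_vty else None
            if not is_vty:
                global_lines.append(line)
        elif current is not None:         # indented: sub-command of a vty block
            current.append(line)
    findings = [f"global: missing '{label}'" for label, rx in REQUIRED_GLOBAL.items()
                if not any(re.match(rx, g) for g in global_lines)]
    if not vty_blocks:
        findings.append("no 'line vty' block found")
    for name, cmds in vty_blocks.items():
        findings += [f"{name}: missing '{req}'" for req in REQUIRED_VTY if req not in cmds]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh_config(SAMPLE_CONFIG)))
```

The RSA key from Part Three does not appear in the running-config, so this check does not cover it.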
Here’s some screenshots: