# SSH Configuration on a Cisco Router

SSH (Secure Shell) is a secure method of remotely accessing and managing network devices. Unlike Telnet, which transmits data in **plaintext**, SSH **encrypts** communication, enhancing security.

### **Step 1: GNS3 Topology Setup**

Before configuring SSH, we need a basic network topology in GNS3.

<figure><img src="/files/Ax7FQmdTt5kWm8HIkPnU" alt=""><figcaption><p>Topology</p></figcaption></figure>

### **Step 2: Configuring SSH on the Cisco Router**

Follow these steps to enable SSH on the router.

#### **1. Assign a Hostname and Domain Name**

SSH requires both a hostname and a domain name.

```
Router(config)#hostname R1
R1(config)#ip domain-name nerd-cafe.ir
```

#### **2. Generate RSA Keys for Encryption**

SSH requires RSA key pairs for secure communication. Generate a key of at least **1024 bits**.

```
R1(config)#crypto key generate rsa
The name for the keys will be: R1.nerd-cafe.ir
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 8 seconds)

R1(config)#
```

Use at least 1024 bits for security; 2048 bits is recommended for strong encryption.

#### **3. Create a Local User Account for SSH Access**

Define a username and password for SSH authentication.

```
R1(config)#username admin privilege 15 secret cisco@123
```

#### **4. Enable the SSH v2 Protocol**

To enhance security, configure the router to use SSH Version 2.

```
R1(config)#ip ssh version 2
```

#### **5. Configure the VTY Lines for SSH Access**

The **VTY (Virtual Teletype) lines** handle remote access. Restrict access to SSH and apply local authentication.

```
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config-line)#
```

#### **6. Assign an IP Address to the Router**

Since SSH requires an IP address, configure an interface with a valid IP.

```
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.202.1 255.255.255.0
R1(config-if)#no shutdown
```

#### **7. Verify That SSH Is Enabled on the Router**

Verify SSH is running by checking its status.

```
R1#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCQMTqrQdGuOT3AxrYcipdF5tcYDyGiutxTCHC4oP1w
wI7RScvwlIpqsOzy3S2tvrZOhObJZDQ/y25Cb3ZviORGGMwX9sazRAhy15lVPh6MObsYHAexarzwOZQL
bhVbAyJlCb6Wz0AU9NnHvRMSFO78INYA5mKaXR+5ZJEt0edEpR8NvsApzEL/6zbdf0tU6SEHvaWsiMwq
K54w7GghDGyIp5xxZAq0df8vFg95JQ3Ba9seff4E56NiidGwHxRLtJYeOEP1+u10lRPIcdVuT107vFeC
jpo7L2Imc9WQUecLT9oZ39SrweJ/dvicJmR8V8vmrNqxceNPCCspzXuekuRj
R1#
```
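The settings from steps 1 to 5 can be checked offline against saved `show running-config` text. The following audit is an added example, not part of the original page. Its sample config is constructed, the `backup` user and the extra `line vty 5 15` block are assumptions included to produce findings, and the function names are hypothetical.

```python
import re

# Constructed sample: the settings from steps 1-5 plus a "backup" user and an
# untouched "line vty 5 15" block (both assumptions, added to show findings).
SAMPLE_CONFIG = """\
hostname R1
ip domain-name nerd-cafe.ir
username admin privilege 15 secret 5 $1$constructed$hash
username backup password 0 constructed-password
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def vty_blocks(config):
    """Return {"line vty 0 4": [subcommands], ...} from running-config text."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level line closes the block
    return blocks

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^hostname (?!Router$)\S+", config, re.M):
        findings.append("hostname not set (still default)")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no ip domain-name")
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append("SSH not pinned to version 2")
    for user in re.findall(r"^username (\S+) (?:privilege \d+ )?password\b", config, re.M):
        findings.append(f"user {user}: 'password' instead of 'secret'")
    for name, cmds in vty_blocks(config).items():
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: not restricted to 'transport input ssh'")
        if "login local" not in cmds:
            findings.append(f"{name}: 'login local' missing")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh(SAMPLE_CONFIG)))
```

Every VTY block is checked separately because step 5 only touches `line vty 0 4`; any other VTY range present on the device keeps whatever transport and login settings it already had.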

### **Step 3: Configuring the PC for SSH Access**

#### **1. Assign an IP Address to the PC**

* **IP Address:** 192.168.202.11
* **Subnet Mask:** 255.255.255.0
* **Default Gateway:** 192.168.202.1

```
PC1> ip 192.168.202.11/24 192.168.202.1
Checking for duplicate address...
PC1 : 192.168.202.11 255.255.255.0 gateway 192.168.202.1

PC1> show ip

NAME        : PC1[1]
IP/MASK     : 192.168.202.11/24
GATEWAY     : 192.168.202.1
DNS         :
MAC         : 00:50:79:66:68:00
LPORT       : 20006
RHOST:PORT  : 127.0.0.1:20007
MTU         : 1500

PC1> save
Saving startup configuration to startup.vpc
.  done

PC1>
```

#### **2. Connect via SSH Using a Terminal Emulator**

Use **PuTTY**, **SecureCRT**, or the built-in SSH client in Linux/macOS to connect to the router at 192.168.202.1 with the `admin` account created in Step 2.

<figure><img src="/files/9XDXTlACinqT4INqaOQR" alt=""><figcaption></figcaption></figure>

