Home » Cisco » Cisco – Enable SSH

Cisco – Enable SSH

Difficulty Level    

This is a very basic tutorial on how to get SSH running on a Cisco router.  We’re going to set the hostname of the router, set the domain-name, setup a user, generate a private key and enable ssh on the virtual terminal interfaces.  Some of this might already be done, such as hostname and domain name, but they are required to get SSH to work, so we’ll go over it anyways.  If its already set, there isnt any need to change it.

How I have this written is as follows:

  • Bold is what you need to input into the router
  • Anything inside <xxx> is an option or name you get to choose.

Here goes…

  1. Router> enable
  2. Router# conf t
  3. Router(config)# hostname <gateway> 
  4. Router(config)# ip domain-name <domain.local>
  5. Router(config)# username <cisco> privilege 5 secret <Password123>
  6. Router(config)# aaa new-model
  7. Router(config)# aaa authentication login default local
  8. Router(config)# aaa authorization exec default local
  9. Router(config)# crypto key generate rsa
    • Make sure the Modulus is at least 2048, if you have an older router it might default to 512.
    • If you leave it at 512, quit now.  There’s no hope for you.
  10. Router(config)# ip ssh time-out <60>
  11. Router(config)# ip ssh authentication-retries <2>
  12. Router(config)# line vty 0 4
  13. Router(config)# transport input ssh


Don’t forget to do a ‘write mem’ and ‘copy running-config startup-config’, or you’ll be doing this all over again next time you reboot your router.