SSH for Network Devices

From Braindisconnect

Secure Shell, or SSH, is a secure protocol for connecting to network devices and servers. As of this writing there are two versions of SSH, version 1 and version 2. Version 2 is preferred since it is more secure.


SSH is on by default.


Configure the Domain Name

You must configure the domain name before you can generate the SSH encryption key.

router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#ip domain-name <domain name>

Generate the Crypto Key

Make sure the key modulus is large enough, since some *nix OSes will refuse connections, stating that the modulus is too small. 1024 is recommended.

router(config)#crypto key generate rsa
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)

Force SSH version 2

SSH version 2 is recommended as a security best practice.

router(config)#ip ssh version 2

Enable the Secure Copy Server

Secure Copy or scp is used for downloading or uploading default configurations and IOS.

router(config)#ip scp server enable 

Configure the VTY Lines

Configure the VTY lines so that they accept only the intended protocol (SSH). It is also recommended to restrict access to the VTY lines with an ACL.


Generate the Crypto Key

Generate the RSA key for HP ProCurves.

crypto key generate ssh rsa 

Enable SSH and Secure Copy Server

ip ssh
ip ssh version 2
ip ssh filetransfer

no telnet-server
no web-management