Sunday, July 06, 2014

Enabling SSH and block Telnet in Cisco Routers/Switches

SSH protocol encrypts the traffic between client and server in a remote session. So for network security purpose, we should enable only SSH access to networking devices.

Before enabling SSH, make sure we configured hostname and domain name properly. This will be used to store the name of the RSA key pair generated.  All the configurations are to be done in Global config mode.

hostname Router1
ip domain name ds.myorganization.in

Change hostname and 'ds.myorganization.in' domain name to your organization domain name. Now generate the RSA keys for SSH



crypto key generate rsa

This will ask the number of bits required for modulus function. Default is 512 bits but if we want to enable SSH version 2, bits should be more than 768. So, better keep 1024 bits.