Configure SSH in IOS

Document created by adewanga on Jul 29, 2014Last modified by szhang2 on Jun 15, 2016
Version 8Show Document
  • View in full screen mode

Use the following commands in IOS to configure SSH. It may apply for all the IOx devices such as ISR819(C819), CGR1120/1240, and IR829/809.


enableEnter privilege execution mode
conf termEnter configuration mode
enable password cisco123create enable password

username admin password cisco123

ip domain name

Create the "admin" user and password

add a domain name

crypto key generate rsa modulus 1024 label SSHCreate RSA keys for SSH
ip ssh rsa keypair-name SSHAssociate the RSA keys with SSH
ip ssh version 2Enable SSH version 2
line vty 0 4Enable remote login
transport input ssh telnetEnable SSH access on the lines
exec-timeout 0disble remote login timeout
login localIn case of "no aaa new-model". No need to run it if it is “aaa new-model”, for details, please refer to the notes at the end of this post.
interface GigabitEthernet2/1Begin configuring the interface for connection with ISP.  If you connected another ethernet interface please substitute it's name in this command.
no switchportConvert interface to Layer 3
ip address I/F IPv4 address. Substitute IPv4 address and mask here with IPv4 address (global static or private)
no shutdownEnable interface
exitExit interface configuration
ip route default route.  Substitute the gateway address.
exitExit configuration
copy running startupSave Config in Flash memory -- This may be deferred till all the configs have been tested.

Please notify, for the authentication, the aaa new-model command causes the local username and password on the router to be used in the absence of other AAA statements. Instead of no aaa new-model, you can use the login local command.