Configure SSH in IOS

Version 8

    Use the following commands in IOS to configure SSH. It may apply for all the IOx devices such as ISR819(C819), CGR1120/1240, and IR829/809.


    enableEnter privilege execution mode
    conf termEnter configuration mode
    enable password cisco123create enable password

    username admin password cisco123

    ip domain name

    Create the "admin" user and password

    add a domain name

    crypto key generate rsa modulus 1024 label SSHCreate RSA keys for SSH
    ip ssh rsa keypair-name SSHAssociate the RSA keys with SSH
    ip ssh version 2Enable SSH version 2
    line vty 0 4Enable remote login
    transport input ssh telnetEnable SSH access on the lines
    exec-timeout 0disble remote login timeout
    login localIn case of "no aaa new-model". No need to run it if it is “aaa new-model”, for details, please refer to the notes at the end of this post.
    interface GigabitEthernet2/1Begin configuring the interface for connection with ISP.  If you connected another ethernet interface please substitute it's name in this command.
    no switchportConvert interface to Layer 3
    ip address I/F IPv4 address. Substitute IPv4 address and mask here with IPv4 address (global static or private)
    no shutdownEnable interface
    exitExit interface configuration
    ip route default route.  Substitute the gateway address.
    exitExit configuration
    copy running startupSave Config in Flash memory -- This may be deferred till all the configs have been tested.

    Please notify, for the authentication, the aaa new-model command causes the local username and password on the router to be used in the absence of other AAA statements. Instead of no aaa new-model, you can use the login local command.