Secure Shell (SSH) is an essential protocol for managing production IT infrastructure devices such as servers, routers, and switches. It provides a secure connection from client to server, unlike traditional management protocols like Telnet.
For IT professionals, it is important to understand how to enable SSH on a Cisco switch or any other device (the steps for configuring SSH are almost the same on most Cisco devices). Using SSH, they can manage and maintain infrastructure securely and efficiently.
Cisco networking training and certifications such as CCNA cover the importance of SSH over Telnet to ensure network administrators know how to implement, operate, and manage secure connections in their network environment.
In the field of IT, it is important to keep yourself updated with the latest technologies and best practices. This is where CCNA live training comes into the picture. It offers an interactive learning experience. Through these courses, candidates can gain hands-on experience in configuring network devices, including setting up SSH on a Cisco switch and many other scenarios crucial in a production environment.
If you only wish to learn how to configure SSH on a Cisco switch, then this blog article is more than enough for you. If you seek to achieve the certification and live CCNA training online, feel free to contact our learning advisors.
In this blog, I will explain how to enable SSH on a Cisco switch with step-by-step configuration instructions, from generating key pairs to configuring VTY lines and applying other security settings. It will also cover the verification steps and commands.
Here I have created a very simple topology to understand the SSH setup. In this topology there is a central Cisco switch (SW), which is directly connected to Cisco routers R01 and R02.
● Enable SSH on Cisco Switch SW given in the above topology
● Configure SSH version 2 and use a 1024-bit key modulus to set up SSH on the Cisco switch
● Configure the domain name uninets.com and authenticate SSH clients using the username "cisco" and the password "cisco123"
● Follow tight security standards: do not allow Telnet connections on the switch, and make sure the password is secured with type 5 encryption
● Both R01 and R02 should be able to SSH to SW for its configuration management
Before moving to the SSH configuration, first configure the IP addresses on the devices and verify basic connectivity. Both ports of SW are in access VLAN 10, and a layer 3 SVI for VLAN 10 is created with the management IP address 10.0.0.10/24.
SW:
On routers R01 and R02, configure only the IP addresses 10.0.0.1/24 and 10.0.0.2/24, respectively, to provide IP reachability to SW.
R01:
R02:
Verify the IP connectivity from SW to both R01 and R02
SSH stands for Secure Shell. It works at transport layer 4 of the TCP/IP model and uses TCP port number 22. SSH provides secure communication to access remote network devices for management purposes.
Two versions exist for the communication between the client and server. Both provide encrypted connections, which makes communication secure.
To configure SSH on the Cisco switch, we should configure the hostname, the domain name, and a privilege 15 username and password. Additionally, we can filter the remote access protocol using the "transport input" command in line configuration mode. Its options include "all", "telnet", "ssh", and "none".
In our case, we need to use "transport input ssh", which allows only SSH connections and refuses Telnet. By default, SSH version 1.99 is enabled as soon as we generate the crypto key; this can be changed using the ip ssh version global configuration command.
Task #1 Configure hostname
hostname SW
Task #2 Configure domain name
ip domain name uninets.com
Task #3 Configure username and encrypted password
username cisco privilege 15 secret cisco123
Task #4 Generate RSA key pair with a 1024-bit key modulus
crypto key generate rsa
Task #5 Enable local login and disable telnet
line vty 0 4
login local
transport input ssh
SW:
When you generate an RSA key pair, the default key size is 512 bits, so as per the task you have to change it to 1024. You will also notice that the default SSH version enabled is 1.99, as shown below.
First, let's verify the public/private key pair generated by the Cisco switch SW to provide a secure remote connection to its clients. After that, we can test whether the clients can make a Telnet connection, an SSH connection, or both.
Now also check the SSH version and the size of the key modulus.
Let's try to telnet to SW from R01. Since Telnet is not allowed on the switch, the connection will be refused.
Now try to SSH to SW from R01 and R02. The login will succeed using the username "cisco".
You can also verify the SSH users logged in to the switch using the command "show users".
This concludes how to enable SSH on Cisco switches. The above configuration is specific to Cisco switches; however, you can also enable SSH on Cisco routers using the same commands.
He is a senior solution network architect and is currently working with one of the largest financial companies. He has an impressive academic and training background. He has completed his B.Tech and MBA, which makes him both technically and managerially proficient. He has also completed more than 450 online and offline training courses, both in India and ...