Configuring SSH on Cisco routers/switches (How-to)
Cisco Routers/Switches, How-to, IOS Fundamentals
October 1st, 2007, 12:24pm

With all of the security problems out there today, it amazes me that most of the world’s network infrastructure is still controlled by telnet. Telnet flies across the network unencrypted, which makes it simple for a sniffer or password-grabbing program to gobble up your passwords. Even if you have a separate network to manage your network equipment, the idea of sending your precious passwords in clear text is hard to justify. Newer Cisco equipment supports SSH for administration without any extra licenses or fees, so use it.
What is SSH? Secure Shell (SSH) has many great features, but the one we will use today is SSH as an encrypted replacement for Telnet. With it, you should not have to worry about losing your passwords to someone running a sniffer on the network.
I found several articles on Cisco’s site regarding SSH, so I wanted to boil it down and document what worked for me.
RouterA#conf t
RouterA(config)#hostname RouterA
RouterA(config)#ip domain-name routernotes.com
The RSA key pair is named after the device’s fully qualified domain name (hostname plus domain name), so both must be set before you generate keys; without a domain name the next command refuses to run.
RouterA(config)#crypto key generate rsa
<output abbreviated>
How many bits in the modulus [512]: 1024
Choose at least 1024, because most clients will balk at anything less. On any platform that supports it, 2048 is the better choice (IOS accepts a modulus up to 4096 bits); 1024-bit RSA is no longer considered strong, and the key is generated once and kept until you regenerate it.
RouterA(config)#ip ssh time-out 120
This caps the SSH negotiation phase, up to the point where the user is authenticated, at 120 seconds, which is also the maximum IOS allows. Two minutes is plenty of time to look up or remember a password; a shorter value frees half-open sessions sooner.
RouterA(config)#ip ssh authentication-retries 4
This limits the number of failed authentication attempts per connection before the router drops it (IOS allows 0 to 5), which slows down online password guessing.
RouterA(config)#service tcp-keepalives-in
RouterA(config)#service tcp-keepalives-out
These enable TCP keepalives on inbound and outbound connections, so a session whose peer has vanished is torn down instead of hanging around and tying up one of your vty lines.
RouterA(config)#line vty 0 4
RouterA(config-line)# transport input ssh
This limits incoming administration access to SSH only; telnet connections to the vty lines are refused. Note that IOS SSH authenticates by username, so the vty lines also need a local user with a login method (or an AAA/TACACS+ login) configured before you do this, or you will lock yourself out of remote access. Verify with show ip ssh and by opening a new SSH session before closing your current one.
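The whole procedure in one place, plus the pieces the comments say the article left out, as an added example that is not part of the original post. The two running-config excerpts are constructed samples (the hostname and domain name are the article’s; the username, its secret hash and the timer values are made up), and audit_ssh_config is a small checker written for this page, not a Cisco tool: it flags vty lines that still accept telnet, a missing ip ssh version 2, a missing login method and reversible passwords, so you can run it over configs pulled from a fleet. One limitation worth knowing: the RSA modulus never appears in the running-config, so the checker says nothing about key size; use show crypto key mypubkey rsa on the box for that.

```python
"""Audit a Cisco IOS running-config excerpt for the SSH settings in this how-to.

Added example: the configs are constructed samples and audit_ssh_config is a
home-grown checker, not part of IOS or of the original article.
"""
import re

# Constructed "before" config: the vty lines still accept telnet, SSHv1 is
# still negotiable (no "ip ssh version 2"), the line uses a reversible
# type 7 password and there is no per-user login.
WEAK_CONFIG = """\
hostname RouterA
!
line vty 0 4
 password 7 094F471A1A0A
 login
 transport input telnet ssh
"""

# Constructed "after" config: the article's commands, plus the bits it omits
# but IOS SSH needs: ip domain-name (the RSA key pair is named after the
# FQDN), a local user (IOS SSH authenticates by username only) and
# "login local" on the vty lines. The username and secret hash are made up.
# "crypto key generate rsa modulus 2048" is an exec-time action and never
# shows up in the running-config; verify it with "show crypto key mypubkey rsa".
HARDENED_CONFIG = """\
hostname RouterA
ip domain-name routernotes.com
!
username admin privilege 15 secret 5 $1$abcd$madeUpHashForThisExample1
!
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
service tcp-keepalives-in
service tcp-keepalives-out
!
line vty 0 4
 exec-timeout 10 0
 login local
 transport input ssh
"""


def _vty_stanzas(cfg):
    """Yield (header, sub-commands) for each 'line vty ...' stanza.

    IOS indents line sub-commands with one space, which is how the stanza
    boundary is detected here.
    """
    lines = cfg.splitlines()
    i = 0
    while i < len(lines):
        if lines[i].startswith("line vty"):
            header, body = lines[i].strip(), []
            i += 1
            while i < len(lines) and lines[i].startswith(" "):
                body.append(lines[i].strip())
                i += 1
            yield header, body
        else:
            i += 1


def audit_ssh_config(cfg):
    """Return a list of (check, detail) findings; an empty list means clean."""
    findings = []
    if not re.search(r"^ip domain-name \S+", cfg, re.M):
        findings.append(("domain", "no ip domain-name; crypto key generate rsa needs one"))
    if not re.search(r"^ip ssh version 2\s*$", cfg, re.M):
        findings.append(("sshv1", "ip ssh version 2 not set; SSHv1 still negotiable"))
    if not re.search(r"^username \S+ .*\bsecret\b", cfg, re.M):
        findings.append(("users", "no local user with a hashed (secret) password"))
    for header, body in _vty_stanzas(cfg):
        transports = [l for l in body if l.startswith("transport input")]
        if not transports:
            findings.append((header, "no transport input; IOS default still allows telnet"))
        elif transports[-1].split()[2:] not in (["ssh"], ["none"]):
            findings.append((header, "transport input allows more than ssh: " + transports[-1]))
        if not any(l == "login local" or l.startswith("login authentication") for l in body):
            findings.append((header, "no login local / login authentication; SSH needs a username"))
        if any(l.startswith("password ") for l in body):
            findings.append((header, "line password present; reversible and pointless with login local"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_ssh_config(cfg) or "clean")
```

Feed it the output of show running-config (or the saved startup-config) from each device; the weak sample produces six findings and the hardened one none. The checker deliberately treats a missing transport input line as a finding, because the IOS default on vty lines is to accept every transport, so a device that was never explicitly restricted is still reachable by telnet.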

October 15th, 2007 at 4:58 am
A very useful article. I also want to remind you that SSH only allows username/password authentication, so you have to have a local user or TACACS settings.
October 23rd, 2007 at 12:02 pm
[...] astute comment pointed out that the article on configuring SSH access to Cisco switches and routers left out the [...]