Remote Access (SSH)

SSH is a protocol that allows you to remotely access and manage a network device. Let’s get SSH configured.

⚠️ Ensure you’ve already configured the domain-name and user account. Both are required when logging in via SSH.

Generate Public/Private Key Pair

Start by generating the public and private key pair that SSH uses to secure the connection. You’ll be prompted to provide a key size. As of today (2024), it’s recommended that you choose a key size of at least 2048.

Switch (config)# crypto key generate rsa

The name for the keys will be: Switch.ad.twobyte.blog
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 13 seconds)

Switch (config)#

Enable Version 2

Ensure version 2 of the SSH protocol is enabled.

Switch (config)# ip ssh version 2

Allow SSH Connections

Lastly, tell the switch to allow connections via SSH.

Switch (config)# line vty 0 15
Switch (config-line)# transport input ssh
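
To confirm the steps above took effect on every vty line, this added example (not part of the original post) audits a saved running-config for the domain name, `ip ssh version 2`, and an SSH-only `transport input` on each `line vty` block. The sample config and the function names are constructed for illustration; the RSA key pair is not stored in the running-config, so it is not checked here.

```python
import re

# Constructed running-config excerpt (not from the page): the first vty block
# is restricted to SSH, the second was left accepting Telnet as well.
SAMPLE_CONFIG = """\
hostname Switch
ip domain-name ad.twobyte.blog
ip ssh version 2
!
line con 0
line vty 0 4
 exec-timeout 30 0
 transport input ssh
line vty 5 15
 transport input telnet ssh
!
"""

def vty_blocks(config):
    """Return {"line vty A B": [sub-commands]} for every vty block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())   # indented line belongs to the block
        else:
            current = None                # any unindented line closes the block
    return blocks

def audit_ssh(config):
    """List findings against the settings this page configures."""
    findings = []
    if not re.search(r"^ip domain[ -]name \S+", config, re.M):
        findings.append("no domain name configured")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("'ip ssh version 2' not set")
    blocks = vty_blocks(config)
    if not blocks:
        findings.append("no vty lines found")
    for header, cmds in blocks.items():
        transports = [c for c in cmds if c.startswith("transport input")]
        # A missing line is flagged too: the default differs between releases.
        if transports != ["transport input ssh"]:
            findings.append(f"{header}: {transports or 'no transport input line'}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh(SAMPLE_CONFIG)))
```

Each block is checked separately because a running-config often lists the vty lines as more than one block (for example `0 4` and `5 15`), and a restriction applied to only one of them leaves the others open.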

Optional

These are optional but recommended settings to configure.

Enable SCP (Optional)

ℹ️ Requires AAA authentication to be configured.

SCP (Secure Copy Protocol) allows you to transfer files to and from the Cisco device via the SSH protocol. It’s handy when you want to copy over new IOS images or pull configuration files. To enable this service, run the following command.

Switch (config)# ip scp server enable

Inactivity Timeout (Optional)

By default, you’ll be logged out of your SSH session after 15 minutes of inactivity. To extend this, use the exec-timeout command.

Switch (config)# line vty 0 15
Switch (config-line)# exec-timeout <minutes>