Setting-up an SSH connection to a Cisco device can provide a lot of pros for the configuration of the hardware. It allows remote administration, and adds a security layer because you can get rid of the physical serial cable (making the physical computer vulnerable).



To allow the remote connection, at least one IP address must be configured on an interface:

ip add [IP_ADDRESS] [MASK]

Note: When using a switch, the IP address should be configured on a VLAN. The VLAN must be set on an interface.

It is mandatory to configure a hostname and a password for the privileged execution mode (“enable”):

hostname [NAME]
enable password [PASSWORD]


The first step is to configure a domain name (here, test.lan) on the device:

ip domain-name test.lan

Then you can generate the RSA key that will be used for SSH encryption:

crypto key generate rsa

Note: It is recommended to choose a key length of at least 2048 for security purpose.

A user account is also required for the SSH connection. Here is the command to create one:

username [NAME] password [PASSWORD]

We will now configure virtual lines to welcome SSH connection.

Creation of 5 virtual console lines (you can create more or less):

line vty 0 4

Select “SSH” as transport mode for data transporting:

transport input ssh
transport output ssh

Enforce the usage of a local account for the virtual console lines:

login local


Device timestamp

It may be required to change the device clock time to create the key:

clock set hh:mm:ss month day year

Here is an example to set the date to January, 1, 2000, 3:30 p.m. (the month must be specified on 4 characters):

clock set 18:30:00 Janu 01 2000

Safe password policy

Cisco devices accepts different level of password encryption. It is recommended to select password of type 5 and 7. All the commands to set that up can be found of the official Cisco website .