How to Enable and Configure SSH on Cisco Switches

Here we'll look at how to enable the SSH server on Cisco Catalyst switches.

Configuration

  • Switch model: Cisco Catalyst 1000 Series Switches

Configuring the SSH server

Configure

  • Set the hostname (this is a prerequisite):
Switch(config)# hostname <StSwitch>
  • Set the IP address, shown here on the vlan1 interface:
StSwitch(config)# interface vlan1
StSwitch(config-if)# ip address 192.168.1.100 255.255.255.0
StSwitch(config-if)# no sh
  • Create a user:
StSwitch(config)# username ssh_user privilege 15 secret <StPassword>
  • Generate an RSA key:
StSwitch(config)# crypto key generate rsa usage-keys label std-rsa-keypair modulus 4096
  • Set the SSH version (this is normally the default setting):
StSwitch(config)# ip ssh version 2
  • Define the minimum Diffie-Hellman (DH) key size:
StSwitch(config)# ip ssh dh min size 4096
  • Allow only SSH (which disables Telnet) on the vty lines:
StSwitch(config)# line vty 0 15
StSwitch(config-line)# transport input ssh
StSwitch(config-line)# login local

Optional

  • Enable SCP:
StSwitch(config)# ip scp server enable
  • Set a 15-minute timeout for SSH sessions:
StSwitch(config)# line vty 0 15
StSwitch(config-line)# exec-timeout 15
  • Automatically close incoming SSH connections that have been terminated:
StSwitch(config)# service tcp-keepalives-in
  • Enable SSH logging:
StSwitch(config)# ip ssh logging events

Login with a public key (without password)

  • From your client host, copy your public key, shown here from .ssh/id_rsa.pub:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDxtzImfgV3cP65wmmzACuGufkdo723NNq12lmu4WjhRIp+9mMe6ELx748sHYOkDtQtCLkrqMk+I6/kaTCxWr67dYn0l1KOD6MTTPOiAskzXiExQ6L0TJXFbRLzb7NREI4DAhEmL6oqHnvur96ddO0NIpjwSU817twabycw7xDTJKSsZpsUfcUSM6bqXjFUlYpP1TdKuujMew4flS5Eg5h7vjjk2S/obcHYj1JnjyHhLxvvItFezdK1sPj7P5tzYafXMmx3uskdjhV4Dcw8cEXA8x47A+MzWMqE30NR5OENG9PqDN5kGCoRSoEnlkhFKTrP/RMa+ElJuOachuM0ptRhVjmh9dXydMbpKM3liuUED1gYWhLdv2CQLatyz5HLeBF8PsegY7lSKTyuwpuLbwsJ9ipXktsuj/FAoU56xeEs1h83df7bPFlVhKZLCmoxIftKuEAaD4QTHvSONKQa94PN2I3INYW6DN9iXHyiG+G8/l3RFrkv6zu7KMN0gEv0BzTODgcyFCPosoZFmrHeqcXjW9K5Bc7JOJCTxvxPOcLAlXo70OUNv+bZkDEGTdz8nWs8qttWn0Jndc6PxaziyprDbMCt0Zv8CrWRzgAWkEovA3RrGPQQMz7KhJ5LPV5cL9ErXx4O410rxH/ZuK0/sRDH6+zwqvv8kNrPXmhfiUAjHw== user@sthost
  • Enter the account management menu and add the public key:
StSwitch(config)# ip ssh pubkey-chain
StSwitch(conf-ssh-pubkey)# username ssh_user
StSwitch(conf-ssh-pubkey-user)# key-string
StSwitch(conf-ssh-pubkey-data)# <Paste the client public key here. ⚠️ In blocks of 254 characters maximum! ⚠️>
StSwitch(conf-ssh-pubkey-data)# exit
StSwitch(conf-ssh-pubkey)# exit
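
Splitting a 4096-bit key by hand into blocks of 254 characters is error-prone, so here is an added helper (not part of the original article) that validates an `ssh-rsa` public key line and emits the commands above with the key already cut into blocks. The function names and the dummy key are constructed for illustration, and the script assumes the switch accepts the key without its trailing comment field.

```python
import base64
import hashlib

MAX_PASTE = 254  # per-line paste limit stated in the step above


def ios_pubkey_block(pubkey_line, username, width=MAX_PASTE):
    """Return (ios_lines, md5_hex) for one OpenSSH 'ssh-rsa' public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)  # rejects a damaged copy
    # The decoded blob begins with a 4-byte length and the key type name.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key blob does not match its 'ssh-rsa' prefix")
    # Comment field dropped: it is not part of the key (assumption: the
    # switch accepts the key without it).
    text = f"{key_type} {b64}"
    chunks = [text[i:i + width] for i in range(0, len(text), width)]
    lines = ["ip ssh pubkey-chain", f"username {username}", "key-string"]
    lines += chunks + ["exit", "exit"]
    # MD5 of the blob: the value `ssh-keygen -l -E md5` prints, without colons.
    md5_hex = hashlib.md5(blob).hexdigest().upper()
    return lines, md5_hex


def constructed_key(bits=4096):
    """Build a well-formed ssh-rsa line from dummy bytes (not a real key)."""
    def field(data):
        return len(data).to_bytes(4, "big") + data
    modulus = b"\x00" + bytes((i * 7 + 1) % 256 for i in range(bits // 8))
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@sthost"


if __name__ == "__main__":
    ios_lines, fingerprint = ios_pubkey_block(constructed_key(), "ssh_user")
    print("\n".join(ios_lines))
    print("! MD5 fingerprint:", fingerprint)
```

After pasting, compare the printed MD5 fingerprint with the hash the switch reports for that user's key to confirm nothing was lost or mangled in the paste.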

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.