How to configure ssh service on Cisco switches from CLI

Last updated: Nov 6, 2021

We will see here how to enable ssh server on Cisco catalyst Switches.

Configuration

Switch model : Cisco Catalyst 1000 Series Switches

Configuring the ssh server

Configure

Set Hostname (which is a prerequisite) :

Switch(config)# hostname <StSwitch>

Set ip address, example here with vlan1 interface :

StSwitch(config)# interface vlan1
StSwitch(config-if)# ip address 192.168.1.100 255.255.255.0
StSwitch(config-if)# no sh

Create a user :

StSwitch(config)# username ssh_user privilege 15 secret <StPassword>

Generate rsa key :

StSwitch(config)# crypto key generate rsa usage-keys label std-rsa-keypair modulus 4096

Set ssh version (this is normally the default configuration) :

StSwitch(config)# ip ssh version 2

Set DH group :

StSwitch(config)# ip ssh dh min size 4096

Enable ssh only (which disable telnet) on vty :

StSwitch(config)# line vty 0 15
StSwitch(config-line)# transport input ssh
StSwitch(config-line)# login local

Optional

Enable scp :

StSwitch(config)# ip scp server enable

Set 15m timeout to ssh sessions :

StSwitch(config)# line vty 0 15
StSwitch(config-line)# exec-timeout 15

Automatically closes incoming ssh connections that are terminated :

StSwitch(config)# service tcp-keepalives-in

Enable ssh logging :

StSwitch(config)# ip ssh logging events

Connect with public key (Passwordless)

Configure

From your Client host, copy your pubkey, example here with .ssh/id_rsa.pub file :

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDxtzImfgV3cP65wmmzACuGufkdo723NNq12lmu4WjhRIp+9mMe6ELx748sHYOkDtQtCLkrqMk+I6/kaTCxWr67dYn0l1KOD6MTTPOiAskzXiExQ6L0TJXFbRLzb7NREI4DAhEmL6oqHnvur96ddO0NIpjwSU817twabycw7xDTJKSsZpsUfcUSM6bqXjFUlYpP1TdKuujMew4flS5Eg5h7vjjk2S/obcHYj1JnjyHhLxvvItFezdK1sPj7P5tzYafXMmx3uskdjhV4Dcw8cEXA8x47A+MzWMqE30NR5OENG9PqDN5kGCoRSoEnlkhFKTrP/RMa+ElJuOachuM0ptRhVjmh9dXydMbpKM3liuUED1gYWhLdv2CQLatyz5HLeBF8PsegY7lSKTyuwpuLbwsJ9ipXktsuj/FAoU56xeEs1h83df7bPFlVhKZLCmoxIftKuEAaD4QTHvSONKQa94PN2I3INYW6DN9iXHyiG+G8/l3RFrkv6zu7KMN0gEv0BzTODgcyFCPosoZFmrHeqcXjW9K5Bc7JOJCTxvxPOcLAlXo70OUNv+bZkDEGTdz8nWs8qttWn0Jndc6PxaziyprDbMCt0Zv8CrWRzgAWkEovA3RrGPQQMz7KhJ5LPV5cL9ErXx4O410rxH/ZuK0/sRDH6+zwqvv8kNrPXmhfiUAjHw== user@sthost

Enter the account management menu and add the public key :

StSwitch(config)# ip ssh pubkey-chain
StSwitch(conf-ssh-pubkey)# username ssh_user
StSwitch(conf-ssh-pubkey-user)# key-string
StSwitch(conf-ssh-pubkey-data)# <Paste client public key here. ⚠️By block of 254 characters maximum!⚠️>
StSwitch(conf-ssh-pubkey-data)# exit
StSwitch(conf-ssh-pubkey# exit

References

https://www.ssi.gouv.fr

Computing

Music

Misc

How to configure ssh service on Cisco switches from CLI

Configuration

Configuring the ssh server

Configure

Optional

Connect with public key (Passwordless)

Configure

References