SSH Commands

Command                          Meaning
ip ssh authentication-retries    Sets the max failed attempts up to 120.
line vty first-line last-line    Chooses your VTY lines to configure.
transport input ssh telnet       Tells the router to use SSH and then Telnet. You do not
                                 need the telnet command at the end of the line, but

Here’s an example of how you set up SSH on a router:
1. Set your hostname:
Router(config)#hostname Todd
2. Set the domain name (both the hostname and domain name are required for the encryption
keys to be generated):
Todd(config)#ip domain-name Lammle.com
3. Generate the encryption keys for securing the session:
Todd(config)#crypto key generate rsa general-keys modulus ?
<360-2048> size of the key modulus [360-2048]
Todd(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: Todd.Lammle.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
*June 24 19:25:30.035: %SSH-5-ENABLED: SSH 1.99 has been enabled
4. Set the maximum idle timer for an SSH session:
Todd(config)#ip ssh time-out ?
<1-120> SSH time-out interval (secs)
Todd(config)#ip ssh time-out 60
5. Set the maximum failed attempts for an SSH connection:
Todd(config)#ip ssh authentication-retries ?
<0-5> Number of authentication retries
Todd(config)#ip ssh authentication-retries 2
6. Connect to the VTY lines of the router:
Todd(config)#line vty 0 1180
7. Last, configure SSH and then Telnet as access protocols:
Todd(config-line)#transport input ssh telnet
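
An added example, not from the original text: a Python check that reads an IOS-style running-config and flags the settings from the steps above that weaken SSH access (Telnet still allowed on a VTY range, SSHv1 still accepted). The sample config is constructed, the function name `audit_ssh` is hypothetical, and `ip ssh version 2` is the IOS command that restricts the router to SSHv2.

```python
import re

# Constructed sample running-config: steps 1-7 applied, with a second VTY range added.
SAMPLE_CONFIG = """\
hostname Todd
ip domain-name Lammle.com
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
 transport input ssh telnet
line vty 5 1180
 transport input ssh
"""

def audit_ssh(config: str) -> list[str]:
    """Return findings for the SSH-related settings in an IOS-style config."""
    findings = []
    lines = config.splitlines()
    top = [l.strip() for l in lines if l and not l.startswith(" ")]

    # Both names must exist before the RSA keys can be generated (step 2).
    if not any(re.fullmatch(r"hostname \S+", l) for l in top):
        findings.append("no hostname set")
    if not any(re.fullmatch(r"ip domain-name \S+", l) for l in top):
        findings.append("no ip domain-name set")

    # "SSH 1.99" in the step 3 log means SSHv1 clients are still accepted.
    if "ip ssh version 2" not in top:
        findings.append("ip ssh version 2 not set")

    # Walk each "line vty" block and flag any that still permit Telnet.
    vty = None
    for l in lines:
        if not l.startswith(" "):  # a top-level line ends the current block
            m = re.fullmatch(r"line vty (\d+) (\d+)", l.strip())
            vty = f"vty {m[1]}-{m[2]}" if m else None
        elif vty and l.strip().startswith("transport input "):
            protocols = l.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append(f"{vty}: Telnet allowed")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```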