SSH, also known as Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer.

We don't use Telnet to connect to Cisco devices securely, because Telnet sends the password in plain text. With a sniffer tool such as Wireshark, you can see the exact password being passed to the device. So, to have a secure connection, all system administrators use SSH.

There are 5 steps for creating an SSH connection:

  1. Create a hostname

  2. Create a domain name

  3. Generate RSA key

  4. Create a local account

  5. Allow SSH in vty line

SW1# conf t
SW1(config)# hostname SW1
SW1(config)# ip domain name HRT
SW1(config)# crypto key generate rsa
SW1(config)# ip ssh version 2
SW1(config)# username mona secret cisco
SW1(config)# line vty 0 5
SW1(config-line)# transport input ssh
SW1(config-line)# login local

In line 4, the length of the RSA key depends on the device. Some devices support more than 1024 or 2048.

In line 6, you can use password or secret. As I told you in the previous section, secret encrypts your password in the running-config, but password is shown in clear text.

In line 8, you can select telnet, ssh or all to choose what is allowed on the vty lines. In other words, if you select all, both SSH users and Telnet users can connect through the vty lines.
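To check an existing device against the steps above, the following added example (not part of the original page) audits a saved running-config for the weaker options discussed in lines 6 and 8 and for the missing prerequisites. The function name `audit_ssh_config` and the sample configuration are constructed for illustration; the RSA key step is not checked because the key pair does not appear in the running-config.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname SW1
ip domain name HRT
ip ssh version 2
username mona password 0 cisco
username admin secret 5 $1$constructed$placeholderhash
line vty 0 4
 transport input all
 login local
line vty 5
 transport input ssh
 login
"""

VTY_BLOCK = re.compile(r"^line vty (\d+(?: \d+)?)[ \t]*\n((?:[ \t]+.*\n?)*)", re.M)

def audit_ssh_config(config):
    """Return a list of findings for the SSH settings described on this page."""
    findings = []
    required = [
        (r"^hostname \S+", "no hostname configured"),
        (r"^ip domain[ -]name \S+", "no domain name configured"),
        (r"^ip ssh version 2\b", "SSH version 2 is not enforced"),
    ]
    for pattern, message in required:
        if not re.search(pattern, config, re.M):
            findings.append(message)
    # 'password' leaves the credential readable in the config; 'secret' does not.
    for m in re.finditer(r"^username (\S+)(?: privilege \d+)? password\b", config, re.M):
        findings.append(f"user {m.group(1)} is defined with 'password', not 'secret'")
    # Each vty block is the 'line vty' header plus its indented sub-commands.
    for m in VTY_BLOCK.finditer(config):
        vty, body = m.group(1), m.group(2)
        transport = re.search(r"^[ \t]+transport input (.+)$", body, re.M)
        if transport is None:
            findings.append(f"vty {vty} has no explicit 'transport input'")
        elif {"telnet", "all"} & set(transport.group(1).split()):
            findings.append(f"vty {vty} accepts Telnet (transport input {transport.group(1).strip()})")
        if not re.search(r"^[ \t]+login local\b", body, re.M):
            findings.append(f"vty {vty} does not use 'login local'")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG):
        print(finding)
```

An empty result means the configuration matches the hardened choices: `secret` for every local user and `transport input ssh` with `login local` on every vty block.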