How to Configure SSH on a Cisco Router in Cisco Packet Tracer

SSH (Secure Shell) is a secure method for remote access to network devices, providing authentication and encryption. It achieves this by utilizing an RSA public/private keypair. Securing communication channels between devices is crucial for maintaining the confidentiality and integrity of data.

While one of the most common methods for remotely accessing a Cisco router is using Telnet, it is considered insecure as data is transmitted unencrypted. Therefore, in situations where privacy and security are paramount, SSH is preferred.

In this post, I will demonstrate how to configure SSH on a Cisco Router in Packet Tracer.

Let’s begin.

Network Topology

Our network setup consists of a router (R1) connected to a PC. In this demonstration, we will configure SSH on the Cisco router and then try to log in to it from the PC using the configured authentication details.

[Figure: network topology]

How to Configure SSH on a Cisco Router

Here are the steps to configure SSH on a Cisco router:

Step 1: Configure Router’s Interface

Router(config)#hostname R1
R1(config)#interface ethernet0/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip domain-name cisco.lab

Step 2: Configure SSH Protocol on the Router

R1(config)#crypto key generate rsa
How many bits in the modulus [512]: 2048
R1(config)#ip ssh version 2
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config-line)#exit
R1(config)#username admin privilege 15 secret 12345

Here’s a brief explanation of each of the commands used in Step 2 above:

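  1. crypto key generate rsa: This command is used to generate RSA encryption keys on the router. RSA keys are necessary for secure communication protocols like SSH. The hostname and domain name set in Step 1 must be configured first, because the router names the key pair after them. The command prompts for a modulus size; SSH version 2 requires a key of at least 768 bits, so do not accept the 512-bit default. The router generates a public and private key pair which are used to encrypt and decrypt data transmitted over the SSH connection.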
  2. ip ssh version 2: This command specifies the SSH version to be used on the router. In this case, SSH version 2 is explicitly set. SSH version 2 is more secure compared to version 1 and provides improved encryption algorithms and security features.
  3. line vty 0 4: This command enters the configuration mode for the virtual terminal (VTY) lines on the router. VTY lines are used for remote access to the router over protocols like SSH, Telnet, etc.
  4. transport input ssh: This command configures the VTY lines to accept incoming SSH connections only. By specifying “ssh” as the transport input protocol, the router restricts remote access to SSH sessions, enhancing security by disallowing less secure protocols like Telnet.
  5. login local: This command instructs the router to use local authentication for SSH login attempts on the VTY lines. When a user attempts to connect via SSH, the router prompts for a username and password stored locally on the device.
  6. username admin privilege 15 secret 12345: This command creates a local user account named “admin” with administrative privileges (level 15) and sets a password (“12345”) for authentication. Because the secret keyword is used, the router stores the password as a hash rather than in clear text. This account will be used for SSH login authentication.

Step 3: Configure PC

Assign an IP address to the PC as labeled in the network topology above.

[Figure: configuring the host devices]

Step 4: Test the SSH Connection

Cisco Packet Tracer PC Command Line 1.0
C:\>ssh -l admin 192.168.12.1
Password: 12345
R1#
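
To confirm that Steps 1 and 2 took effect on every remote-access line, the output of show running-config can be checked offline. The script below is an added example, not part of the original post: the function name audit_ssh, the SAMPLE text and its second vty range (5 15) are constructed assumptions, included to show what happens when only vty 0 4 is locked down.

```python
import re

# Constructed running-config sample; vty 5 15 is an assumed, unhardened range.
SAMPLE = """\
hostname R1
ip domain-name cisco.lab
username admin privilege 15 secret 5 <hash-placeholder>
ip ssh version 2
!
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet
!
end
"""

def audit_ssh(config: str) -> list[str]:
    """Return findings for a running-config; an empty list means every check passed."""
    findings = []
    lines = config.splitlines()
    top = [l for l in lines if l and not l.startswith(" ")]
    if not any(l.startswith("ip domain-name ") for l in top):
        findings.append("no ip domain-name (needed before RSA key generation)")
    if "ip ssh version 2" not in top:
        findings.append("SSH version 2 not enforced")
    if not any(re.match(r"username \S+ .*\bsecret\b", l) for l in top):
        findings.append("no local user with a hashed secret")
    # Group the indented sub-commands under each "line vty" header.
    vty, current = {}, None
    for l in lines:
        if l.startswith(" "):
            if current:
                vty[current].append(l.strip())
        else:
            current = l.strip() if l.startswith("line vty ") else None
            if current:
                vty[current] = []
    if not vty:
        findings.append("no vty lines found")
    for name, cmds in vty.items():
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: not restricted to SSH")
        if "login local" not in cmds:
            findings.append(f"{name}: not using local authentication")
    return findings
```

For SAMPLE the function reports both problems on line vty 5 15, which the commands in Step 2 never touch.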


Reference: https://github.com/misterkrittin/CCNA-Labs
