Configuration snippet I use to enable SSH on Cisco 2811 ISR and Catalyst 3560, but it will work on all Cisco IOS devices with appropriate IOS image which allows SSH to be enabled (IOS which has k9 in image name contains crypto compnents which allow to enable SSH).
1. First we should enter configuration mode and create username with password and enable secret:
conf t username labadmin password cisco123 enable secret secret123
2. After that we can assign hostname and domain to router/switch as this is base to generate encryption key later:
hostname labisr-01 ip domain-name laboratory.ltd crypto key generate rsa Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 2048 % Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
NOTE: On the command list above you can see some system-generated messages which will appear on the screen once you initiate crypt key generate rsa command
3. Last step is to make sure that SSH v2 will be enforced and that SSH will be he only protocol accepted on virtual terminal lines when someone will try to access device:
ip ssh version 2 line vty 0 15 no password transport input ssh login local
NOTE: We also madeĀ sure that no password for potential telnet conenctions will be assign to virtual terminals by issuing no password statement