Configuring Secure Shell (SSH)
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
Switch# configure terminal
Step 2
ip ssh version [1 | 2]
Example:
Switch(config)# ip ssh version 1
Step 3
ip ssh {timeout seconds |
authentication-retries number}
Example:
Switch(config)# ip ssh timeout 90
authentication-retries 2
Step 4
Use one or both of the following:
• line
vtyline_number[ ending_line_number ]
• transport input ssh
Example:
Switch(config)# line vty 1 10
or
Switch(config-line)# transport
input ssh
OL-29434-01
Purpose
Enters the global configuration mode.
(Optional) Configures the switch to run SSH Version 1 or SSH Version 2.
• 1—Configure the switch to run SSH Version 1.
• 2—Configure the switch to run SSH Version 2.
If you do not enter this command or do not specify a keyword, the SSH server
selects the latest SSH version supported by the SSH client. For example, if the
SSH client supports SSHv1 and SSHv2, the SSH server selects SSHv2.
Configures the SSH control parameters:
• Specify the time-out value in seconds; the default is 120 seconds. The
range is 0 to 120 seconds. This parameter applies to the SSH negotiation
phase. After the connection is established, the switch uses the default
time-out values of the CLI-based sessions.
By default, up to five simultaneous, encrypted SSH connections for
multiple CLI-based sessions over the network are available (session 0 to
session 4). After the execution shell starts, the CLI-based session time-out
value returns to the default of 10 minutes.
• Specify the number of times that a client can re-authenticate to the server.
The default is 3; the range is 0 to 5.
Repeat this step when configuring both parameters.
(Optional) Configures the virtual terminal line settings.
• Enters line configuration mode to configure the virtual terminal line
settings. For line_number and ending_line_number, specify a pair of
lines. The range is 0 to 15.
• Specifies that the switch prevent non-SSH Telnet connections. This limits
the router to only SSH connections.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
Configuring the SSH Server
91