Last Updated on 11/08/2025 by administrator
Configure SSH Cisco (Cisco IOS XE, Cisco NX-OS, Cisco IOS XR)
Configure SSH Cisco (Cisco IOS XE, Cisco NX-OS, Cisco IOS XR)
Motivation:
In today’s network security landscape, secure remote access to network devices is absolutely essential. SSH (Secure Shell) provides a safe way to manage and configure Cisco devices without the risk of intrusion or eavesdropping. This article will guide you through the complete SSH configuration process on the three most common Cisco operating systems — IOS XE, NX-OS, and IOS XR.
You will learn how to set up essential security parameters, generate encryption keys, and secure remote access to meet current enterprise security standards. The guide is intended for network administrators and IT professionals who want to understand the differences and specifics of implementing SSH across various Cisco platforms.
This is basic configuration for Cisco IOS XE, Cisco NX-OS, Cisco IOS XR:
Configure SSH Cisco IOS XE:
In the console, enable the terminal with the enable command and go to global configuration mode:
CAT8000V> enable CAT8000V# configure terminal
Configures hostname and the domain name for the device. Both are important for SSH because they’re used together to form the fully qualified domain name (FQDN), which is part of the RSA key generation process:
CAT8000v(config)# hostname CAT8000v CAT8000v(config)# ip domain name CAT8000v.local
Enable SSH version 2:
CAT8000v(config)# ip ssh version 2
Generates RSA keys for encryption:
CAT8000v(config)# crypto key generate rsa modulus 2048 The name for the keys will be: CAT8000v.CAT8000v.local % The key modulus size is 2048 bits % Generating 2048 bit RSA keys, keys will be non-exportable... [OK] (elapsed time was 1 seconds)
Creates a local user named cisco with the password cisco123:
CAT8000V(config)# username cisco secret cisco123
Enters the configuration for virtual terminal lines VTY 0–4 and use the local user database for authentication on VTY lines:
CAT8000V(config)# line vty 0 4 CAT8000V(config-line)# login local
Limits remote access to SSH only (which also disable telnet service):
CAT8000V(config-line)# transport input ssh CAT8000V(config)# end
Saves the current running configuration to the startup configuration to ensure that settings are preserved after a reboot:
CAT8000v# copy run start *Aug 6 19:45:10.396: %SYS-5-CONFIG_I: Configured from console by consoleart Destination filename [startup-config]? Building configuration... [OK]
Configure SSH Cisco IOS XR:
Open the console and Generate RSA keys for encryption:
RP/0/RP0/CPU0:XRv9000# crypto key generate rsa Wed Sep 18 11:22:41.075 UTC The name for the keys will be: the_default How many bits in the modulus [2048]: 2048 Generating RSA keys ... Done w/ crypto generate keypair [OK]
Go to global configuration mode and enable the SSH server version 2 on the router:
RP/0/RP0/CPU0:XRv9000# configure terminal RP/0/RP0/CPU0:XRv9000(config)# ssh server v2
Creates a local user named cisco with the password cisco123:
RP/0/RP0/CPU0:XRv9000(config)# username cisco secret cisco123
Command commit saves and applies those changes to the running configuration. Without commit, your settings (like enabling SSH or creating the user) wouldn’t take effect)
RP/0/RP0/CPU0:XRv9000(config)# commit
Configure SSH Cisco NX-OS:
Open console and go to global configuration mode and disable telnet service:
NX-OS9000# configure terminal NX-OS9000(config)# no feature telnet
Generate RSA key pairs for the SSH server and enable SSH server:
NX-OS9000(config)# ssh key rsa NX-OS9000(config)# feature ssh
Creates a local user named cisco with the password cisco123. The role network-admin part assigns the highest privilege level on NX-OS
NX-OS9000(config)# username cisco secret cisco123 role network-admin NX-OS9000(config)# exit
Saves the current running configuration to the startup configuration to ensure that settings are preserved after a reboot:
NX-OS9000# copy run start [########################################] 100% Copy complete, now saving to disk (please wait)... Copy complete.
And that’s all! I hope that this article Configure SSH Cisco (Cisco IOS XE, Cisco NX-OS, Cisco IOS XR) helped.
Source:
[1] https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html
