How to Configure SSH in Cisco Packet Tracer

SSH (Secure Shell) provides secure management of network devices. By using SSH, you establish a secure connection to a network device that you access, and your data is sent in encrypted form.

How to Enable SSH in Cisco Router with Packet Tracer

SSH is a much safer protocol than the Telnet protocol and uses the TCP 22 port by default. The port number may vary.

There are 2 versions of the SSH protocol. These; Version 1 and Version 2.

SSH V1 exploits several patented encryption algorithms and is vulnerable to a well-known vulnerability that could allow an attacker to enter data into the communication flow.

SSH V2, this release has an advanced key exchange algorithm that is not vulnerable to the same abuse and includes more powerful and comprehensive features:

• Encryption such as 3DES and AES.
• Use voice encryption Message Verification Code (MAC) algorithms for integrity checking.
• Support for public-key certificates.

We recommend that you use SSH V2 as far as possible to remotely manage network devices.

To enable SSH in the real scenario, make sure that the file name of your Cisco IOS software is k9 (crypto).

   Step 1

First, run Packet Tracer and then create a network topology as shown in the image below. Add an additional Router to the workspace, because after configuration we will connect the Router to the Router with SSH.

   Step 2

Open the CLI prompt by clicking on the SYSNETTECH Router and press Enter to skip the initial configuration.

   Step 3

To enable SSH on the router, perform the following commands in order.

Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname SYSNETTECH
SYSNETTECH(config)#interface gigabitethernet 0/0
SYSNETTECH(config-if)#ip address 192.168.1.1 255.255.255.0
SYSNETTECH(config-if)#no shutdown
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
SYSNETTECH(config-if)#exit
SYSNETTECH(config)#ip domain name sysnettechsolutions.com
SYSNETTECH(config)#crypto key generate rsa
The name for the keys will be: SYSNETTECH.sysnettechsolutions.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus : 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...
SYSNETTECH(config)#ip ssh version 2
*Mar 1 0:6:12.698: %SSH-5-ENABLED: SSH 1.99 has been enabled
SYSNETTECH(config)#ip ssh time-out 10
SYSNETTECH(config)#ip ssh authentication-retries 3
SYSNETTECH(config)#line vty 0 4
SYSNETTECH(config-line)#login local
SYSNETTECH(config-line)#privilege level 15
SYSNETTECH(config-line)#transport input ssh
SYSNETTECH(config-line)#exit
SYSNETTECH(config)#username cisco privilege 15 password cisco123
SYSNETTECH(config)#end
SYSNETTECH#wr
Building configuration...

SYSNETTECH#
Copy

   Step 4

Configure the IP settings of PC1 as follows.

   Step 5

To quickly configure the R1’s interface, double-click on it, click the Config tab in the window that opens, and then configure the Port Status option of the GigabitEthernet0/0 interface to On, then assign the IP address.

   Step 6

To test whether SSH is running, open the PC1 prompt and establish a connection using the command below.

ssh -l cisco 192.168.1.1
Copy

-l : Login means.
cisco : The username to use to connect to the router.
192.168.1.1 : The IP address of the router.
Copy

   Step 7

Enter the user name and password you created, and as soon as you press Enter, the connection will be established as in the image below.

   Step 8

After executing the show ssh command on PC1 Command Prompt, you can check the version of the SSH protocol that is linked.

   Step 9

In this step, execute the following command to make SSH from router to router.

ssh -l cisco 192.168.1.1
Copy

   Step 10

In the same way, enter the user account information you created on the Cisco Router and press Enter.

   Step 11

As you can see in the image below, a successful SSH connection is made.

Show Commands

SYSNETTECH#show running-config
Building configuration...

Current configuration : 799 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SYSNETTECH
!
no ip cef
no ipv6 cef
!
username cisco privilege 15 password 0 cisco123
!
license udi pid CISCO1941/K9 sn FTX152488GK
!
ip ssh version 2
ip ssh time-out 10
ip domain-name sysnettechsolutions.com
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login local
transport input ssh
privilege level 15
!
end
SYSNETTECH#
Copy

SYSNETTECH#show ssh
Connection Version Mode Encryption Hmac State Username
133 1.99 IN aes128-cbc hmac-sha1 Session Started cisco
133 1.99 OUT aes128-cbc hmac-sha1 Session Started cisco
133 1.99 IN aes128-cbc hmac-sha1 Session Started cisco
133 1.99 OUT aes128-cbc hmac-sha1 Session Started cisco
%No SSHv1 server connections running.
SYSNETTECH#
Copy

SYSNETTECH#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 10 secs; Authentication retries: 3
SYSNETTECH#
Copy

 
   Video

With the simulator, you can watch the video below to enable SSH on the router and connect from the PC and also subscribe to our YouTube channel to support us!

   Final Word

In this article, after examining how to enable SSH, we have connected with SSH from PC to Router and Router to Router to verify the connection. In the real scenario, to configure SSH on Routers, make sure the IOS image has k9 (crypto). Thanks for following us!

   Related Articles

♦ Packet Tracer VLAN
♦ Packet Tracer Inter-VLAN
♦ Packet Tracer Static NAT
♦ Packet Tracer Dynamic NAT
♦ Packet Tracer PAT