From Teknologisk videncenter
Revision as of 10:46, 1 October 2013 by Rael (talk | contribs) (Example of configuration)


The SSH Version 2 server is supported in Cisco IOS Release 12.3(4)T, 12.3(2)XE, 12.2(25)S, and 12.3(7)JA.

The configuration for the SSH Version 2 server is similar to the configuration for SSH Version 1. The ip ssh version command was introduced so that you may define which version of SSH to configure. If you do not configure this command, SSH by default runs in compatibility mode; that is, both SSH Version 1 and SSH Version 2 connections are honored.[1]

SSH Version 1 is a protocol that has never been defined in a standard. If you do not want your router to fall back to the undefined protocol (Version 1), you should use the ip ssh version command and specify Version 2.
On IOS releases before 15, SSH version 2 is only SSH version 1.99, because it is missing some of the mandatory features of version 2.

Restrictions for Secure Shell Version 2 Support

  • SSH servers and SSH clients are supported in 3DES software images.
  • Execution Shell, remote command execution, and SCP are the only applications supported.
  • Rivest, Shamir, and Adleman (RSA) key generation is an SSH server-side requirement. Routers that act as SSH clients need not generate RSA keys.
  • The RSA key pair size must be greater than or equal to 768.
  • The following functionality is not supported:
    • Port forwarding
    • Compression

Example of configuration

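! Hostname and domain name must be set before the RSA key pair is generated
hostname R1
ip domain-name TSHOOT.HOT
crypto key generate rsa general-keys modulus 1024
! Sample credentials; replace them on a real device
username admin password 0 l8heise
! Local user database for login and exec authorization; no login on the console
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
aaa session-id common
enable secret cisco
interface Loopback0
 ! address and mask are omitted here
 ip address
! SSH server settings: timeout, retries, source interface and event logging
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface Loopback0
ip ssh logging events
! Accept only SSH on the vty lines
line vty 0 4
 transport input ssh
line con 0
 login authentication CONSOLE
service password-encryption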
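
A configuration script can be checked against the points made on this page (Version 2 pinned with ip ssh version, hostname and domain name present for key generation, RSA modulus of at least 768, vty lines limited to SSH). The following is an added example, not part of the original page or of Cisco tooling; the function name audit_ssh_config and both sample scripts are constructed for illustration.

```python
import re

MIN_RSA_BITS = 768  # minimum key size from the restrictions list

def audit_ssh_config(config):
    """Return findings for an IOS configuration script given as text."""
    lines = config.splitlines()
    top = [l.strip() for l in lines if l and not l[0].isspace()]
    findings = []
    # Without this command both SSH Version 1 and Version 2 are honored.
    if "ip ssh version 2" not in top:
        findings.append("ip ssh version 2 missing: Version 1 still honored")
    # The RSA key pair is named after hostname and domain name.
    if not any(l.startswith("hostname ") for l in top):
        findings.append("hostname not set")
    if not any(re.match(r"ip domain[- ]name \S", l) for l in top):
        findings.append("ip domain-name not set")
    # Key size, when key generation is part of the script.
    for l in top:
        m = re.match(r"crypto key generate rsa\b.*\bmodulus (\d+)", l)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(f"RSA modulus {m.group(1)} below {MIN_RSA_BITS}")
    # Each vty block should accept SSH only.
    block, transport = None, {}
    for l in lines:
        if l and not l[0].isspace():
            block = l.strip() if l.startswith("line vty") else None
            if block:
                transport[block] = []
        elif block and l.strip().startswith("transport input "):
            transport[block] = l.split()[2:]
    for name, protos in transport.items():
        if protos != ["ssh"]:
            shown = " ".join(protos) or "not set"
            findings.append(f"{name}: transport input {shown}, expected ssh")
    return findings

# Constructed sample scripts (not taken from a real device).
WEAK = """hostname R1
ip domain-name example.test
crypto key generate rsa general-keys modulus 512
line vty 0 4
 transport input telnet ssh
"""
HARDENED = WEAK.replace("512", "2048").replace("telnet ssh", "ssh") + "ip ssh version 2\n"

if __name__ == "__main__":
    for finding in audit_ssh_config(WEAK):
        print(finding)
```
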