HomeLab: Simple SSH Setup on a Cisco Router

Now the first thing that you need to know is that not all old equipment, like one might have in a home lab, is going to support SSH. However, sometimes it may be as easy as an IOS upgrade to get SSH up and running on your fancy EOL router. Note, however, that this might not always be the case.

Take for example the following. I obtained a Cisco 2621 switch from work as it headed for the scrap heap. I took it home and found that it did not support SSH, but could with an IOS upgrade. However, the internal flash was only 8 MB in size, which was way too small for any of the modern IOS images for this particular router. Apparently a flash upgrade required a bootrom upgrade, and the going rate for both was around $45 plus shipping. Luckily I was able to pick up another 2621, with 32 MB of flash, for the same cost, from craigslist.

Anyway, now that I have my fancy new IOS image running on my switch, let's configure SSH. I chose to generate a 1024 bit key.

So let's tell the switch to authenticate using local users, and create that user and its password. In this example we are creating a user named ciscouser with a password of ciscopassword.

r-2621-2(config)#aaa new-model
r-2621-2(config)#username ciscouser password 0 ciscopassword

Now let's allow SSH connections on vty 0 through 4:

r-2621-2(config)#line vty 0 4
r-2621-2(config-line)#transport input ssh

OK, now let's set our domain name and generate our SSH key:

r-2621-2(config)#ip domain-name localdomain
r-2621-2(config)#crypto key generate rsa

The name for the keys will be: r-2621-2.localdomain
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

*Mar  1 08:47:32.262: %SSH-5-ENABLED: SSH 1.99 has been enabled

That's it, you should be able to SSH into your switch now.

Now of course there are plenty of additional SSH options, such as timeout and retries, but I am not going to go into that here.
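
The session above leaves three settings worth reviewing: the "password 0" user (stored in plaintext in the config), the 1024 bit key, and SSH 1.99, which means the router offers both SSHv1 and SSHv2. The Python check below is an added example, not part of the original post; it flags those settings in a pasted config or console capture. The sample input is constructed from the commands shown above, and the function name audit and the 2048 bit floor are assumptions chosen for illustration.

```python
import re

# Constructed input: the commands and console output from the walkthrough above.
SESSION = """\
r-2621-2(config)#aaa new-model
r-2621-2(config)#username ciscouser password 0 ciscopassword
r-2621-2(config)#line vty 0 4
r-2621-2(config-line)#transport input ssh
r-2621-2(config)#ip domain-name localdomain
r-2621-2(config)#crypto key generate rsa
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
*Mar  1 08:47:32.262: %SSH-5-ENABLED: SSH 1.99 has been enabled
"""

MIN_RSA_BITS = 2048  # assumption: local policy floor, adjust to your standard


def audit(session: str) -> list[str]:
    """Return findings for an IOS config or console capture."""
    findings = []
    # Drop the "hostname(mode)#" prompt so commands and config lines look alike.
    lines = [re.sub(r"^\S+#\s*", "", ln).strip() for ln in session.splitlines()]

    for line in lines:
        m = re.match(r"username (\S+) password (?:([07]) )?\S+", line)
        if m:
            kind = "type 7 (reversible)" if m.group(2) == "7" else "plaintext"
            findings.append(f"user {m.group(1)}: {kind} password, use 'secret'")
        m = re.search(r"Generating (\d+) bit RSA keys", line) or re.search(
            r"crypto key generate rsa.*modulus (\d+)", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(f"RSA host key is {m.group(1)} bits, below {MIN_RSA_BITS}")
        m = re.match(r"transport input (.+)", line)
        if m and m.group(1).split() != ["ssh"]:
            findings.append(f"vty accepts non-SSH transport: {m.group(1)}")

    # "SSH 1.99" means the server offers both SSHv1 and SSHv2.
    forced_v2 = any(ln == "ip ssh version 2" for ln in lines)
    if any("SSH 1.99 has been enabled" in ln for ln in lines) and not forced_v2:
        findings.append("SSH 1.99: SSHv1 still accepted, set 'ip ssh version 2'")
    return findings


if __name__ == "__main__":
    for finding in audit(SESSION):
        print("-", finding)
```

A config that uses "username ciscouser secret ...", "ip ssh version 2" and a 2048 bit modulus produces no findings.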
