Now the first thing that you need to know is that not all old equipment, like one might have in a home lab, is going to support SSH. However, sometimes it may be as easy as an ISO upgrade to get your fancy EOL router to get SSH up and running. Note however that his might not be the case.
Take for example the following. I obtained a Cisco 2621 switch from work as it headed for the scrap heap. I took it home and found that it did not support SSH, but could with an IOS upgrade. However the internal flash was only 8mb in size, which was way to small for any of the modern IOS images for this particular router. Aparently a flash upgrade required a bootrom upgrade and the going rate for both was around $45 plush shipping. Luckily I was able to pick up another 2621, with 32mb of flash, for the same cost, from craigslist.
Anyway – Now that I have my fancy new IOS image running on my switch, lets get configure ssh. I chose to generate a 1024 bit key.
So lets tell the switch to authenticate using local users, and create that user and its password. In this example we are creating a user named ciscouser with a password of ciscopassword.
r-2621-2(config)#username ciscouser password 0 ciscopassword
Now lets allow ssh connections on vty 0 through 4
r-2621-2(config)#line vty 0 4
r-2621-2(config)# transport input ssh
Ok, now lets set our domain-name and generate our ssh key
r-2621-2(config)#ip domain-name localdomain
r-2621-2(config)#crypto key generate rsa
The name for the keys will be: r-2621-2.localdomain
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus : 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
*Mar 1 08:47:32.262: %SSH-5-ENABLED: SSH 1.99 has been enabled
Thats it, you should be able to SSH into your switch now.
Now of course there are plenty of additonal ssh options such as timeout and retries, but I am not going to go into that here.