IPv6 Cisco Training: Enabling SSH on a Cisco IPv6 Router

Secure Shell (SSH) is an Application layer protocol that uses a secure channel; the secure channel ensures that the data exchanged between two IP devices is encrypted.


A Cisco IPv6 router can act as either an SSH server or an SSH client. As an SSH server, it allows an SSH client (IP device) to make a secure, encrypted connection to the Cisco router. As an SSH client, it can make a secure, encrypted connection to another Cisco router or to any other IP device running as an SSH server.

Before you can enable Secure Shell (SSH) on a Cisco IPv6 router, the router must meet the following requirements:

• The router must be imaged with either an IPsec Data Encryption Standard (DES) or a Triple Data Encryption Standard (3DES) encryption software image.

• It should be running Cisco IOS Release 12.1(3)T or higher.

• It should be configured with a host name (by using the global configuration command hostname) and a host domain (by using the global configuration command ip domain-name).

• It should already have a Rivest, Shamir, and Adleman (RSA) key pair generated. Generating the RSA key pair automatically enables SSH on the router; to generate an RSA key pair, use the “crypto key generate rsa” global configuration command.

• It should already have a user authentication mechanism configured for local or remote access. Currently, with SSH over an IPv6 transport, the only user authentication mechanism supported is locally stored usernames and passwords. The TACACS+ and RADIUS user authentication mechanisms are not supported over an IPv6 transport. If you are in an IPv6 network environment and would like to have either TACACS+ or RADIUS authenticate SSH clients, you must configure TACACS+ or RADIUS over an IPv4 transport and then connect to an SSH server over an IPv6 transport.

Here are the steps to enable SSH (SSH server) on an IPv6 router:

1. Router>enable
2. Router#configure terminal
3. Router(config)#ip ssh [timeout seconds | authentication-retries integer]
4. Router(config)#exit
5. Router#copy run start

Steps Explained:

Step #1

1. Router>enable

Puts router into Privileged EXEC mode.

Step #2

2. Router#configure terminal

Puts router into Global configuration mode.

Step #3

3. Router(config)#ip ssh timeout 100 authentication-retries 2

Configures the SSH (server) control variables on the router.

Step #4

4. Router(config)#exit

Causes the router to exit global configuration mode and return to Privileged EXEC mode.

Step #5

5. Router#copy run start

Saves the contents of the running-config to local Non-Volatile Random Access Memory (NVRAM).
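To check a saved running-config against the prerequisites listed above, the following added example (not part of the original article) audits a config excerpt for the hostname, domain name, local username and vty settings. The function names and the sample config are constructed for illustration; the check assumes vty lines authenticate with "login local" rather than an AAA method list, and the SSH-only transport check is an extra hardening check that goes beyond the article's list.

```python
import re

# Constructed sample running-config excerpt; hostname, domain and user are
# placeholders. The RSA key pair is not stored in the running-config, so
# confirm it on the device with "show crypto key mypubkey rsa".
SAMPLE_CONFIG = """\
hostname R1
ip domain-name example.com
username admin secret 5 HASH-PLACEHOLDER
ip ssh time-out 100
ip ssh authentication-retries 2
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' section."""
    header, body = None, []
    for line in config.splitlines():
        if not line.startswith(" "):          # a new top-level command
            if header:
                yield header, body
            header, body = (line, []) if line.startswith("line vty") else (None, [])
        elif header:
            body.append(line.strip())
    if header:
        yield header, body

def audit_ssh_prereqs(config):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    host = re.search(r"^hostname (\S+)", config, re.M)
    if not host or host.group(1) == "Router":
        findings.append("hostname missing or still the default")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("ip domain-name missing")
    if not re.search(r"^username \S+ .*\b(secret|password)\b", config, re.M):
        findings.append("no local username for SSH authentication")
    for header, body in vty_blocks(config):
        if "login local" not in body:
            findings.append(f"{header}: login local missing")
        transport = next((c for c in body if c.startswith("transport input")), "")
        if transport.split()[2:] != ["ssh"]:   # absent, or other protocols allowed
            findings.append(f"{header}: transport input is not ssh only")
    return findings
```

Calling audit_ssh_prereqs(SAMPLE_CONFIG) reports only the second vty range, which still accepts Telnet alongside SSH.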

Here are the steps that allow a Cisco IPv6 router that is acting like an SSH client to initiate an encrypted SSH session with a remote networking device:

1. Router>enable
2. Router#ssh [-v {1 | 2}] [-c {3des | aes128-cbc | aes192-cbc | aes256-cbc}] [-l userid | -l userid:{number} {ip-address} | -l userid:rotary{number} {ip-address}] [-m {hmac-md5 | hmac-md5-96 | hmac-sha1 | hmac-sha1-96}] [-o numberofpasswordprompts n] [-p port-num] {ip-addr | hostname} [command]

Steps Explained:

Step #1

1. Router>enable

Puts router into Privileged EXEC mode.

Step #2

2. Router#ssh

Initiates an encrypted session with a remote networking device.

I invite you to visit my website, where you’ll find the latest information regarding Cisco IPv6 Design and Implementation Techniques.

To your success,

By: Charles E Ross

Article Directory: http://www.articledashboard.com

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you'll find free comprehensive information and videos about IPv6 technology and how it works with Cisco Systems technology. Sign-Up for "18 Free Videos" that will teach you IPv6 Address Representation In Under 10 Minutes! And, also learn more about the new "Cisco IPv6 Video Accelerated Training Course" at his website. www.ciscoipv6ittechtips.com


© 2005-2009 Article Dashboard. All Rights Reserved.