SSH for Network Devices
Secure Shell or SSH is a secure protocol for connecting to network device and servers. There are, as of the writing, two version of SSH, version 1 and 2. Version 2 is preferred since it is more secure.
Alcatel
SSH is on by default.
Cisco
Configure the Domain Name
You must configure the domain name in order to generate the ssh encryption key.
router#conf t Enter configuration commands, one per line. End with CNTL/Z. router(config)#ip domain-name <domain name>
Generate the Crypto Key
You should also make sure you are using high bit encryption since some *nix OS's will refuse connections stating the modulus is too small. 1024 is recommended.
router(config)#crypto key generate rsa Choose the size of the key modulus in the range of 360 to 4096 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable... [OK] (elapsed time was 0 seconds)
Force SSH version 2
SSH version 2 is recommended for best security practices.
router(config)#ip ssh version 2
Enable the Secure Copy Server
Secure Copy or scp is used for downloading or uploading default configurations and IOS.
router(config)#ip scp server enable
Configure the VTY Lines
You need to configure the VTY lines to lock down the acceptable protocol and it is recommended that the VTY lines are locked down with an ACL.
HP
Generate the Crypto Key
Generate the RSA for HP ProCurves.
crypto key generate ssh rsa
Enable SSH and Secure Copy Server
ip ssh ip ssh version 2 ip ssh filetransfer no telnet-server no web-management
