how to ssh on routers?

Answered Question
Apr 21st, 2008
User Badges:

How do I verify if a Cisco IOS version has IPSec(DES or 3DES) encryption software?

I want to enable ssh but each time I get the following error message

ban-top-dess(config)#crypto key generate rsa

The "^" is displayed below the "r" on crypto

% Invalid input detected at '^' marker.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
banso_boy Mon, 04/21/2008 - 03:42
User Badges:


you mean if I don`t see "This product contains cryptographic features..." in the "show version" command then I cannot run ssh?

banso_boy Mon, 04/21/2008 - 03:58
User Badges:

by the way any idea on how I can enable ssh on the router? software upgrade? If yes how can I go about it? The router is cisco 2811.

Hope u can still offer some ideas here.

If you have the correct image - the configuration is very easy:-


ip domain-name blah.blah (this is required for the ssh key cert)


crypto key generate rsa general-keys modulus 1024 (module 1024 is optional, default key size is 512)


line vy 0 4 or 0 15


transport input ssh


You will need to upgrade the IOS image - for this you do need a valid CCO account that allows the download of IOS images.

I think there is a IOS image for the 2811 that has crypto - it's either IP Plus or Advanced security or something like, I am not sure 100% on that.


banso_boy Mon, 04/21/2008 - 05:12
User Badges:


yep, there is Advanced Security and Advanced IP services.

glen.grant Mon, 04/21/2008 - 06:05
User Badges:
  • Purple, 4500 points or more

Most crypto images will have a "K9" somewhere in the imagename.


This Discussion