Enabling SSH on CSS 11500 series

Unanswered Question
Jan 9th, 2009

Hi, I'm trying to convert from Telnet to SSH only. Viewing other posts on NetPro, I'm not really sure if I need to upgrade my License or not. As my show sshd commands are showing output to reflect some sort SSH config. What am I missing here ??

CSS11503# sh ver

Version: sg0810106 (

Flash (Locked):

Flash (Operational):


Licensed Cmd Set(s): Standard Feature Set

CSS11503# show sshd version

SSHield version 1.6.1, SSH version OpenSSH_3.0.2p1

CSS11503# show sshd config

Sshd Configuration Information:


Access Restricted: Yes

Maximum Sessions Allowed: 5

Active Sessions: 0

Log Level: warning-4

Listen Socket Count: 1

Listen Port: 22

Listen Address:

Server Protocol(s): v1 v2

Server Key Bits: 768

RSA Protocol(SSH1): Enabled

Empty Passwords: Rejected

Keep Alive: Enabled

SSH2 Cipher List: aes128-cbc,3des-cbc,blowfish-cbc, etc...

1. In order to migrate to SSH as the only remote access method do I need to upgrade to the "Enhanced Feature Set" and then get the "Secure Management License" from Cisco or can I skip the Enhanced License and go direct to the Secure License?

2. Or do I just do a "no restrict SSH" ?

3. Are there any SSL keys that need to be generated with the "ssl genrsa" cmd or will the licensing upgrade take of this.

Input greatly appreciated!


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Vern Brinkman Mon, 07/13/2015 - 16:12

you need the ssh license....S11K-SEC2-K9

so you get "SSH Server" when you do show license


css# show version
?Version: 				ap0500003 (5.00 Build 3)
?Flash (Locked): 		4.10 Build 33
?Flash (Operational): 	5.00 Build 3
?Type: 					PRIMARY
?Licensed Cmd Set(s):	Standard Feature Set 
						Enhanced Feature Set 
						Proximity Data Base 
						SSH Server


This Discussion