Setting up SSH on a 3845 router?

Answered Question
Feb 25th, 2009

Greetings everyone!

Just curious, how does one set up SSH on a cisco 3845 router? Specifically, how does one generate the RSA keys?

It seems to be missing the "generate" subcommand for crypto. When I type crypto key the only sub-commands are lock and unlock. I'm unfamiliar with this and don't want to mess around too much since it's a production box.

I'm running c3845-spservicesk9-mz.124-11.T2.bin so I should have the ability, yes? Any guidance would be appreciated. I really would prefer not to use telnet.

I have this problem too.
0 votes
Correct Answer by JORGE RODRIGUEZ about 7 years 10 months ago

you have k9 image , it should support crypto commands, are you sure you were at the configuration mode?

try again.., here is a link for setting up ssh in IOS.

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

way to do it is open two telnet sessions to the router, in one session be in the enable mode and leave the session opened. On the other telnet session work with the SSH configuration implementation. When finished do not save the config , exit the session and open a new session using ssh to ensure you can connect and login to the router via ssh... if for any reason fails you still have the other telnet session opened to undo the ssh changes or correct them.

also for making sure your telnet sessions do not time out while working with configs permit yourself more time by entering exec-time out 60 <-- one hour for your vty lines.

line vty 0 4

exec-timeout 60

you can also do the complete ssh implementation via console port as well.

Regards

PLS rate any helpful posts if it helps

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
JORGE RODRIGUEZ Wed, 02/25/2009 - 21:11

you have k9 image , it should support crypto commands, are you sure you were at the configuration mode?

try again.., here is a link for setting up ssh in IOS.

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

way to do it is open two telnet sessions to the router, in one session be in the enable mode and leave the session opened. On the other telnet session work with the SSH configuration implementation. When finished do not save the config , exit the session and open a new session using ssh to ensure you can connect and login to the router via ssh... if for any reason fails you still have the other telnet session opened to undo the ssh changes or correct them.

also for making sure your telnet sessions do not time out while working with configs permit yourself more time by entering exec-time out 60 <-- one hour for your vty lines.

line vty 0 4

exec-timeout 60

you can also do the complete ssh implementation via console port as well.

Regards

PLS rate any helpful posts if it helps

matthew.sarro Thu, 02/26/2009 - 06:07

Yep, I was being dumb and was trying to do it at enable mode. Good call - no more late nights without coffee for me!

Actions

This Discussion