SSH catalyst switch

May 10th, 2009

Hi All,

Planning to implement access to the Catalyst switch using SSH. FYI, current IOS version - Version 12.2(25)EWA8. Does it support SSH? What considerations are necessary when doing this? Which versions do not support SSH?

Many thanks.


Leo Laohoo Sun, 05/10/2009 - 16:50

You need to have the Crypto IOS and the following config:

line vty 0 15

transport input ssh telnet

line cons 0

transport input ssh telnet

Hope this helps.

sam_manay Sun, 05/10/2009 - 17:37

What do you mean by Crypto IOS? Anyway, does Version 12.2(25)EWA8 support IOS for crypto (SSH)?

Thanks for the prompt response.

lamav Sun, 05/10/2009 - 17:56

You have to look at the IOS feature set, not just the version.

For example, you can have IOS version 12.2(35) that is running ipbase or ipbasek9.

Execute a "show version" command from your router's prompt to see which version and feature set are running.



pieterddejong Sun, 05/10/2009 - 22:33

...and of course specify a local username & password if you are not using TACACS/RADIUS, and then generate RSA keys. Also specify login local if the above is used.

crypto key generate rsa modulus 1024

rajinikanth Mon, 05/11/2009 - 01:41

Hi Sam,

To use SSH you need to do the following:

1. Configure hostname and domain name on the switch

2. Start AAA ( the aaa new-model command; this will allow local users to log in via SSH if no TACACS is configured )

3. Generate rsa key ( crypto key generate rsa )

4. Enable SSH transport support ( transport input ssh ) at VTY lines



glen.grant Mon, 05/11/2009 - 03:28

Do "dir flash:" or "dir bootflash:", depending on the model, and look at the image name. If it does "not" have a "k9" somewhere in the image name, it is not a crypto version and you will have to change your code to get the SSH feature.


Do a "dir" at the command line. Copy the .bin file and then paste that into the Cisco IOS feature navigator.

Choose "search by image"

Paste in the .bin file name.

Within the search results you should see:

Secure Shell version 1 server

Secure Shell version 1 client

Secure Shell version 2 server

Secure Shell version 2 client

The "server" feature allows you to SSH using PUTTY (or some other ssh client) to connect to the switch.

The "client" feature allows you to SSH from the SWITCH to another SSH server (like from switch to switch).

Requirements for SSH:

Local password database

username test password cisco

username test secret cisco

Authentication on VTY lines

login local


AAA Authentication

aaa new-model

aaa authentication login default local

aaa authentication enable default enable

VTY lines configured for SSH

transport input ssh

Create crypto keys

crypto key generate rsa general-keys label SSH_Keys modulus 1024

*Hostname and Domain* are ONLY required if you don't label the keys.

"sh ip ssh" will show you the version of SSH.

Version 1.5 = SSHv1 only

Version 1.99 = SSHv1 & SSHv2

Version 2.0 = SSHv2 only
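
An added example, not part of any post in this thread: a small Python check that applies the points made above (k9 in the image name, the "sh ip ssh" version mapping, and SSH-only VTY lines with local or AAA login) to saved switch output. The function names, the sample configuration and the finding strings are assumptions made for illustration.

```python
import re

# Meaning of the version shown by "sh ip ssh", as listed in the thread.
SSH_VERSION_MEANING = {"1.5": {1}, "1.99": {1, 2}, "2.0": {2}}

def is_crypto_image(image_name):
    """Thread's check: a crypto (SSH-capable) image has 'k9' in its file name."""
    return "k9" in image_name.lower()

def ssh_protocols(show_ip_ssh):
    """Map the reported version string to the SSH protocol versions accepted."""
    m = re.search(r"version\s+(\d+\.\d+)", show_ip_ssh, re.I)
    return SSH_VERSION_MEANING.get(m.group(1), set()) if m else set()

def audit_vty(config):
    """Return (line, finding) pairs for the VTY blocks of a saved configuration."""
    lines = [l.strip() for l in config.splitlines()]
    aaa = "aaa new-model" in lines
    blocks, cur = [], None
    for l in lines:
        if l.startswith("line "):
            cur = {"name": l[5:], "transport": None, "login_local": False}
            blocks.append(cur)
        elif cur and l.startswith("transport input "):
            cur["transport"] = set(l.split()[2:])
        elif cur and l == "login local":
            cur["login_local"] = True
    findings = []
    for b in (b for b in blocks if b["name"].startswith("vty")):
        if b["transport"] is None:
            findings.append((b["name"], "transport input not set explicitly"))
        elif b["transport"] & {"telnet", "all"}:
            findings.append((b["name"], "telnet still permitted"))
        if not (aaa or b["login_local"]):
            findings.append((b["name"], "no local or AAA login configured"))
    return findings

# Constructed sample configuration (not taken from the thread's switch).
SAMPLE_CONFIG = """\
line vty 0 4
 login local
 transport input ssh telnet
line vty 5 15
 login local
 transport input ssh
"""

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```

An empty result from audit_vty means every VTY block it saw allows SSH only and has a login method; it does not confirm that RSA keys have been generated.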

