Secure Shell (SSH) is a protocol and application for establishing secure sessions with the router. A router configured as an SSH server accepts secure connections in much the same way it would accept Telnet connections. Telnet itself has limited security. SSH provides stronger encryption and uses public-key cryptography for added confidentiality.
IOS XR supports two versions of SSH:
SSH version 1 uses Rivest, Shamir, and Adleman (RSA) keys.
SSH version 2 uses the Digital Signature Algorithm (DSA).
There are two modes you can configure:
The SSH server feature enables an SSH client to make a secure, encrypted connection to the router. This connection provides functionality that is similar to that of an inbound Telnet connection.
The SSH client feature is an application running over the SSH protocol to provide device authentication and encryption. The SSH client enables the router to make a secure, encrypted connection to another router or to any other device running the SSH server. This connection provides functionality that is similar to that of an outbound Telnet connection, except that the connection is encrypted.
In this example we will configure Router1 in server mode using SSHv2:
In IOS XR if you don’t configure domain name default domain name that the software uses to complete unqualified host names.
Enabling SSH on IOS XR requires the "Hfr-k9sec security" PIE to be installed on the router.
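A configuration sketch for the SSHv2 server-mode setup described above, added here as an example and not taken from the original page. The domain name example.com, the 60-second timeout, the default VRF and the prompt are assumptions; the DSA key follows the page's pairing of DSA with SSH version 2.

```text
! Added example, not the original author's configuration.
! Assumes the k9sec security PIE is already installed and active.

! 1. Set the hostname and domain name (example.com is a placeholder).
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# hostname Router1
RP/0/RP0/CPU0:router(config)# domain name example.com
RP/0/RP0/CPU0:router(config)# commit
RP/0/RP0/CPU0:Router1(config)# end

! 2. Generate the DSA host key pair in EXEC mode (prompts for a modulus size).
RP/0/RP0/CPU0:Router1# crypto key generate dsa

! 3. Enable the SSH server and accept SSHv2 clients only.
RP/0/RP0/CPU0:Router1# configure
RP/0/RP0/CPU0:Router1(config)# ssh server vrf default
RP/0/RP0/CPU0:Router1(config)# ssh server v2
RP/0/RP0/CPU0:Router1(config)# ssh timeout 60

! 4. Restrict the default VTY line template to SSH so Telnet is not accepted.
RP/0/RP0/CPU0:Router1(config)# line default
RP/0/RP0/CPU0:Router1(config-line)# transport input ssh
RP/0/RP0/CPU0:Router1(config-line)# commit
RP/0/RP0/CPU0:Router1(config-line)# end

! 5. Verify the host key and watch incoming sessions.
RP/0/RP0/CPU0:Router1# show crypto key mypubkey dsa
RP/0/RP0/CPU0:Router1# show ssh
RP/0/RP0/CPU0:Router1# show ssh session details
```

With `ssh server v2` committed, an SSH version 1 client is refused, which is a quick way to confirm from a test host that the version restriction took effect.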