Cisco : Enable SSH on Cisco Switch, Router and ASA

When you configure a Cisco device, you need to use a console cable and connect directly to the system to access it. Follow the SSH setup below, will enable SSH access to your Cisco devices, since SSH is not enabled by default. Once you enable SSH, you can then access it remotely using SecureCRT or any other SSH client.

Set hostname and domain-name

The hostname has to have a hostname and domain-name.

switch# config t
switch(config)# hostname tpw-switch
tpw-switch(config)# ip domain-name

Setup Management IP

In the following example, the management ip address will be set to in the 101 VLAN. The default gateway points to the firewall, which is

tpw-switch# ip default-gateway
tpw-switch# interface vlan 101
tpw-switch(config-if)# ip address

Generate the RSA Keys

The switch or router should have RSA keys that it will use during the SSH process. So, generate these using crypto command as shown below.

tpw-switch(config)# crypto key generate rsa
  The name for the keys will be:
  Choose the size of the key modulus in the range of 360 to 2048 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.

How many bits in the modulus [512]: 1024
  % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Setup the Line VTY configurations

Setup the following line vty configuration, where input transport is set to SSH only. Set the login to local, and password to 7, and make sure Telnet is not enabled:

tpw-switch# line vty 0 4
 tpw-switch(config-line)# transport input ssh
 tpw-switch(config-line)# login local
 tpw-switch(config-line)# password 7
 tpw-switch(config-line)# exit

If you have not set the console line yet, use the following:

tpw-switch# line console 0
tpw-switch(config-line)# logging synchronous
tpw-switch(config-line)# login local

Create the username password

If you don’t have an username created already, here is how:

tpw-switch# config t
Enter configuration commands, one per line.  End with CNTL/Z.
tpw-switch(config)# username thepacketwizard password tpwpassword123
tpw-switch# enable secret tpwenablepassword

Make sure the password-encryption service is turned-on, which will encrypt the password, and when you do “show run”, you’ll see only the encrypted password and not clear-text password.

tpw-switch# service password-encryption

Verify SSH access

From the switch, if you do ‘show ip ssh’, it will confirm that the SSH is enabled on this Cisco device.

tpw-switch# show ip ssh
 SSH Enabled - version 1.99
 Authentication timeout: 120 secs; Authentication retries: 3

After the above configurations, login from a remote machine to verify that you can ssh to this cisco switch.

In the example, is the management ip-address of the switch.

TPW-Remote-Computer# ssh
 login as: thepacketwizard
 Using keyboard-interactive authentication.


You are now setup and logged in on SSH!

To read more on SSH visit:

Open Gear : Basic Commands

Here are some basic commands to help you get around when using Open Gear Terminal Server. These devices are incredibly useful for accessing Network Devices Out of Band. On the newer models you can use them with Cellular Access and a Static IP, so when your Device or Network goes down you can still access your devices Out of Band. 

To view all ports


To exit from one device

~. <Enter>

$ pmshell

(standard user)


# pmshell

(root user)


For example, enter a device to be managed:


> 3

Once the selection has been made, type one of the following selections:

CISCOASA> ~?  (Note: Typing this ESCAPE sequence should not be visible for this to work. Should you start to see typing, hit enter 1-2 times to refresh)

Help Menu: ~~?     —>  double tilde is required for ALL OpenSSH based terminals (Mac & Linux)

Shell Commands:

~b – Generate BREAK

~h – View history

~p – Power menu

~m – Connect to port menu

~. – Exit pmshell

~? – Show this message


PMSHELL Command Breakdown:

~b –> (BREAK sequence) often used in device recovery situations.

~h –> recent port history of RX/TX operations

~p –> (optional) if a managed PDU has been configured, the device would have the ability to pull-up the power menu directly from the device.

~m –> at any point when connected to an active console session, this will return you back to the main pmshell selection menu.

~. –> (tilde period)  exit the pmshell system when actively connected to a console session.

~? –> displays pmshell command usage information.