SSH access on a Cisco device (Switch, Router, AP) can be configured using the following:
Router> enable
Router# configure terminal
Router(config)#ip ssh version 2
Router(config)#ip domain-name MYNETWORK.LOCAL
Router(config)#crypto key generate rsa
Router(config)#line vty 0 4
Router(config-line)#transport input ssh
Router(config-line)#login local
Router(config-line)#exit
Router(config)#username admin password my_password
The ip domain-name value can be set according to your preferences or your network configuration.
Following the crypto key generate rsa command, the terminal will prompt you to enter a value to define the RSA key size. The recommended value is at least 2048 bits.
The line vty 0 4 command sets the number of simultaneous remote connections allowed on the VTY virtual lines. A value of 0 4 means: lines numbered from 0 to 4, which gives 5 lines, or 5 simultaneous connections allowed. The maximum value is 0 15, which equals 16 simultaneous remote connections allowed.
The transport input ssh command only allows SSH connections via port 22. It is also possible to configure Telnet access by replacing ssh with telnet. In the case of Telnet, it is not necessary to configure a username and password.
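An added example, not part of the original page: a Python check that reads a saved running-config and reports every VTY line that is not restricted to SSH with local login, which catches the case where only line vty 0 4 was configured and lines 5 to 15 were left untouched. The function name, the sample configuration and the assumption of 16 VTY lines (the 0 15 maximum mentioned above) are constructed for illustration.

```python
import re

# Constructed `show running-config` excerpt (not from a real device): VTY 0-4
# follow the configuration above, VTY 5-15 were left accepting Telnet.
SAMPLE_CONFIG = """\
ip ssh version 2
username admin password my_password
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def audit_remote_access(config, total_vty=16):
    """Return findings for every VTY line that is not SSH-only with local login."""
    # total_vty=16 is an assumption matching the 0-15 maximum described above.
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' is not set")
    # Per-line state; lines never mentioned in the config keep these defaults.
    state = {n: {"transport": None, "local": False} for n in range(total_vty)}
    current = []  # VTY numbers covered by the block being read
    for raw in config.splitlines():
        block = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if block:
            first, last = int(block.group(1)), int(block.group(2) or block.group(1))
            current = [n for n in range(first, last + 1) if n in state]
        elif not raw.startswith(" "):
            current = []  # any other top-level line ends the VTY block
        elif raw.split()[:2] == ["transport", "input"]:
            for n in current:
                state[n]["transport"] = set(raw.split()[2:])
        elif raw.split() == ["login", "local"]:
            for n in current:
                state[n]["local"] = True
    for n, cfg in state.items():
        if cfg["transport"] != {"ssh"}:
            seen = " ".join(sorted(cfg["transport"])) if cfg["transport"] else "not set"
            findings.append(f"vty {n}: transport input is {seen}, expected ssh only")
        if not cfg["local"]:
            findings.append(f"vty {n}: 'login local' is not set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_remote_access(SAMPLE_CONFIG)))
```

Lines reported as "not set" fall back to the platform default for transport input, which differs between IOS releases, so they are listed for review.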
To connect via SSH to a Cisco device configured with the IP address 192.168.12.1, the command should be:
ssh -l admin 192.168.12.1
If the Cisco device is older, there may be an incompatibility between the encryption methods used by the PC and the device. In this case, on a Windows PC, for example, the -legacy option should allow the connection.
ssh -legacy admin@192.168.12.1
Tested on Cisco switches and routers released before 2014 from a Windows 11 PC and the MobaXterm terminal.