Full form: Secure Shell
Also known as: Secure Shell
Quick Definition
An encrypted remote management protocol used to securely access Cisco devices.
SSH provides encrypted remote access to Cisco routers and switches using TCP port 22. SSH replaces Telnet, which sends data (including passwords) in cleartext. To enable SSH on Cisco IOS: configure a hostname and domain name, generate RSA keys, configure VTY lines to use SSH, and create local user accounts. SSHv2 is more secure than SSHv1 and should be explicitly configured.
hostname R1 ip domain-name example.com crypto key generate rsa modulus 2048 ip ssh version 2 line vty 0 4 transport input ssh login local
SSH requires: hostname, domain-name, RSA key pair, and local user accounts (or AAA). Without all four, SSH will not function. Telnet (port 23) should be disabled on production networks.
An unencrypted remote management protocol that should be replaced by SSH.
Authentication, Authorisation, and Accounting — the three-component framework for controlling network access.
An open-standard AAA protocol that uses UDP and encrypts only the password.
A Cisco-developed AAA protocol that uses TCP and encrypts the entire authentication payload.
SSH provides encrypted remote access to Cisco routers and switches using TCP port 22. SSH replaces Telnet, which sends data (including passwords) in cleartext. To enable SSH on Cisco IOS: configure a hostname and domain name, generate RSA keys, configure VTY lines to use SSH, and create local user accounts. SSHv2 is more secure than SSHv1 and should be explicitly configured.
SSH requires: hostname, domain-name, RSA key pair, and local user accounts (or AAA). Without all four, SSH will not function. Telnet (port 23) should be disabled on production networks.
SSH falls under the Security domain of the 200-301 exam. Understanding it in context with related terms like telnet and aaa is essential for answering scenario-based questions correctly.