Security · Privileged EXEC

show ssh

Displays the active SSH sessions on a Cisco IOS device: for each connection, the negotiated SSH version, direction, cipher, HMAC, session state and authenticated username. Use it to verify who is connected and with which algorithms; it does not show the SSH server configuration (that is 'show ip ssh').

Syntax · Privileged EXEC
show ssh

When to Use This Command

  • Verify active SSH sessions to the router for remote management.
  • Check SSH version and encryption algorithms configured on the device.
  • Troubleshoot SSH connectivity issues by reviewing session details.
  • Audit SSH configuration for compliance with security policies.

Command Examples

Basic show ssh output

show ssh
Connection Version Mode Encryption  Hmac          State           Username
0          2.0     IN   aes128-cbc  hmac-sha1     Session started admin
0          2.0     OUT  aes128-cbc  hmac-sha1     Session started admin
%No SSHv1 server connections running.

Line 1: Connection ID 0, SSH version 2.0, direction IN (incoming), encryption aes128-cbc, HMAC hmac-sha1, state 'Session started', username 'admin'. Line 2: Same connection OUT direction. Line 3: No SSHv1 connections.

Show ssh with multiple sessions

show ssh
Connection Version Mode Encryption  Hmac          State           Username
0          2.0     IN   aes256-cbc  hmac-sha2-256 Session started jdoe
0          2.0     OUT  aes256-cbc  hmac-sha2-256 Session started jdoe
1          2.0     IN   aes128-cbc  hmac-sha1     Session started admin
1          2.0     OUT  aes128-cbc  hmac-sha1     Session started admin
%No SSHv1 server connections running.

Two active SSH sessions: connection 0 belongs to 'jdoe' and negotiated the stronger aes256-cbc cipher with hmac-sha2-256; connection 1 belongs to 'admin' and negotiated the weaker aes128-cbc with hmac-sha1. Each session occupies an IN line and an OUT line.

Understanding the Output

The 'show ssh' output lists each active SSH session as two rows, one per direction (IN and OUT):

  • Connection: a session ID that is unique on the device; both rows of a session share it.
  • Version: the SSH protocol version of the session. 2.0 means SSHv2; 1.99 is the compatibility identifier the server advertises when it accepts both SSHv1 and SSHv2, i.e. when 'ip ssh version 2' has not been configured.
  • Mode: IN for the client-to-device direction, OUT for the device-to-client direction.
  • Encryption: the cipher negotiated for that direction (e.g., aes128-cbc, aes256-cbc, aes256-ctr).
  • Hmac: the negotiated message authentication algorithm (e.g., hmac-sha1, hmac-sha2-256).
  • State: the session phase; 'Session started' means the user has authenticated and the session is open.
  • Username: the authenticated user; it may be blank before authentication completes.

The line '%No SSHv1 server connections running.' means no legacy SSHv1 session is active. Of the values in the examples above, aes256-cbc with hmac-sha2-256 is the stronger combination and aes128-cbc with hmac-sha1 the weaker; 3des-cbc or any SSHv1 session is a red flag. Note that every CBC-mode cipher is deprecated, so on releases that support it prefer CTR (aes256-ctr) or GCM ciphers and restrict the server to them with 'ip ssh server algorithm encryption' and 'ip ssh server algorithm mac'. Also watch for usernames you do not expect and for more concurrent sessions than your administrators account for. The client IP address is not part of this output; use 'show users' to map each session to its source address.
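Reading this output by eye does not scale across a fleet, so the following script, added here as an example and not part of this page or of any Cisco tool, parses a 'show ssh' dump in the layout shown above and checks every session against a policy: no SSHv1, no 3DES or CBC-mode ciphers, no MD5 or SHA-1 MACs, and no usernames outside an allow-list. The sample output, the policy, the allow-list and the assumption that the device runs a release supporting 'ip ssh server algorithm ...' are all assumptions made for the example.

```python
"""Parse 'show ssh' output and check each session against an SSH policy."""
import re
from dataclasses import dataclass

# Constructed sample in the layout of the multi-session example above; it was
# written for this example and is not a capture from a real device.
SAMPLE_SHOW_SSH = """\
Connection Version Mode Encryption  Hmac          State           Username
0          2.0     IN   aes256-cbc  hmac-sha2-256 Session started jdoe
0          2.0     OUT  aes256-cbc  hmac-sha2-256 Session started jdoe
1          2.0     IN   aes128-cbc  hmac-sha1     Session started admin
1          2.0     OUT  aes128-cbc  hmac-sha1     Session started admin
%No SSHv1 server connections running.
"""

NO_V1_LINE = "%No SSHv1 server connections running."

# Example policy (an assumption, not a Cisco default): no 3DES, no CBC-mode
# ciphers, no RC4, and no MD5- or SHA-1-based MACs.
WEAK_CIPHER = re.compile(r"^(.*-cbc|3des.*|arcfour.*)$")
WEAK_MAC = re.compile(r"^hmac-(md5|sha1)(-96)?$")


@dataclass(frozen=True)
class SshSession:
    conn_id: int
    version: str
    mode: str        # IN = client to device, OUT = device to client
    encryption: str
    hmac: str
    state: str
    username: str    # empty if authentication has not completed yet


def parse_show_ssh(text: str) -> list[SshSession]:
    """Return one SshSession per data row (every connection has IN and OUT)."""
    sessions: list[SshSession] = []
    user_col = None
    for line in text.splitlines():
        if line.startswith("Connection"):
            # Username is the last column; its start offset lets us tell an
            # empty username apart from a trailing word of the State column.
            user_col = line.index("Username")
            continue
        tokens = line.split()
        if user_col is None or len(tokens) < 6 or not tokens[0].isdigit():
            continue
        username = line[user_col:].strip()
        state = " ".join(tokens[5:-1] if username else tokens[5:])
        sessions.append(SshSession(int(tokens[0]), tokens[1], tokens[2],
                                   tokens[3], tokens[4], state, username))
    return sessions


def audit_show_ssh(text: str, allowed_users: set[str]) -> list[str]:
    """Return one finding per policy violation found in a 'show ssh' dump."""
    findings: list[str] = []
    if NO_V1_LINE not in text:
        findings.append("SSHv1 status line missing: the output is listing SSHv1 "
                        "sessions, so the server still accepts SSHv1")
    for s in parse_show_ssh(text):
        tag = f"conn {s.conn_id} {s.mode} ({s.username or 'unauthenticated'})"
        # SSHv1 sessions report a 1.x protocol version; 1.99 is SSHv2 in
        # compatibility mode, not a v1 session.
        if s.version.startswith("1.") and s.version != "1.99":
            findings.append(f"{tag}: SSHv1 session")
        if WEAK_CIPHER.match(s.encryption):
            findings.append(f"{tag}: weak or deprecated cipher {s.encryption}")
        if WEAK_MAC.match(s.hmac):
            findings.append(f"{tag}: weak MAC {s.hmac}")
        if s.username and s.username not in allowed_users:
            findings.append(f"{tag}: unexpected user {s.username}")
    return findings


def recommend_fixes(findings: list[str]) -> list[str]:
    """Map findings to IOS global-configuration commands. Assumes a release
    that supports 'ip ssh server algorithm ...'; adjust the lists per platform."""
    cmds: list[str] = []
    if any("SSHv1" in f for f in findings):
        cmds.append("ip ssh version 2")
    if any("cipher" in f for f in findings):
        cmds.append("ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr")
    if any("MAC" in f for f in findings):
        cmds.append("ip ssh server algorithm mac hmac-sha2-256 hmac-sha2-512")
    return cmds


if __name__ == "__main__":
    issues = audit_show_ssh(SAMPLE_SHOW_SSH, allowed_users={"jdoe", "admin"})
    print("\n".join(issues) or "no findings")
    print("\n".join(recommend_fixes(issues)))
```

Feed it the text of 'show ssh' collected from each device (for example over a management script) and review the findings together with 'show users' for the source addresses; the parser keys on the header's 'Username' column offset so a session that has not finished authenticating does not get the last word of its State misread as a username. On the sample above it reports both sessions for CBC ciphers and the 'admin' session for hmac-sha1.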

CCNA Exam Tips

1. 'show ssh' only shows active sessions, not configuration; use 'show ip ssh' for the SSH server settings (enabled version, authentication timeout and retries).

2. The exam may ask you to identify the SSH version in use; read the 'Version' column: 2.0 means SSHv2 only, 1.99 means the server accepts both v1 and v2.

3. Each SSH session appears as two lines (IN and OUT) because the client-to-device and device-to-client directions are protected with separately derived keys and can negotiate their algorithms independently.

4. If the '%No SSHv1 server connections running.' line is missing, the output is listing one or more active SSHv1 sessions in its place, which means the server still accepts the insecure SSHv1 protocol; restrict it with 'ip ssh version 2'.

Common Mistakes

Confusing 'show ssh' with 'show ip ssh' — the former shows sessions, the latter shows configuration.

Assuming the output shows the IP addresses of connecting clients; it does not. Use 'show users' (the Location column) or 'show tcp brief' (connections on port 22) to find the source address of each session; on IOS XR the equivalent is 'show ssh session details'.

Overlooking the '%No SSHv1 server connections running.' line; it indicates SSHv1 is not in use, which is good.

Related Commands

  • show ip ssh: displays the SSH server configuration (enabled version, authentication timeout and retries, and on newer releases the configured algorithms).
  • show users: lists the active lines and sessions together with the remote address of each connected client.
