Posted by: Yasir Irfan
Cisco Commands, Cisco Networking, Cisco Router, Cisco Switch, Cisco Tips, Cisco-remote-access, crypto key zeroize rsa, Disable SSH, disable SSH in Cisco routers, disable SSH in Cisco Switches, enable SSH, How to disable SSH in Cisco devices, Network Technologies and Trends, remote access, Router Configuration, Routing and Switching, SSH, ssh disable, ssh enable, ssh reconfigure, Switch Configuration
We all know the importance of SSH, and it is one of most used method for remote access of Cisco Devices either it might be a Cisco Router or a Cisco Switch. Most of the Network Engineers I come across say it is so complicated to either enable or disable the SSH in Cisco Devices.
If you simply try to use “no commands” used to enable SSH it will not work. Here is the tip to disable the SSH in either Cisco Router or Cisco Switches.
Commands used to enable SSH in a Cisco Device
ITKE-AS1(config)#ip domain-name itke.com
ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512
The name for the keys will be: ITKE-AS1.itke.com
% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable…[OK]
ITKE-AS1(config)#aaa authentication login default local
ITKE-AS1(config)#aaa authentication exec default local
Commands used to disable SSH in a Cisco Device
Do notice if you use the command “no crypto key generate rsa” it will not work rather the device will suggest you to use the ‘crypto key zeroize rsa’ command, amazing isn’t it
ITKE-AS1(config)#no crypto key generate rsa
% Use ‘crypto key zeroize rsa’ to delete signature keys.
ITKE-AS1(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys will
will also be removed.
Do you really want to remove these keys? [yes/no]: yes