Network technologies and trends

Nov 17 2009   6:38AM GMT

How to disable SSH in Cisco Devices?

Yasir Irfan

We all know the importance of SSH; it is one of the most used methods for remote access to Cisco devices, whether a Cisco router or a Cisco switch. Most of the network engineers I come across say it is so complicated to either enable or disable SSH on Cisco devices.

If you simply try the "no" form of the commands used to enable SSH, it will not work. Here is a tip for disabling SSH on either a Cisco router or a Cisco switch.

 Commands used to enable SSH in a Cisco Device

ITKE-AS1(config)#ip domain-name

ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512

The name for the keys will be:


% The key modulus size is 512 bits

% Generating 512 bit RSA keys, keys will be non-exportable…[OK]



ITKE-AS1(config)#aaa new-model

ITKE-AS1(config)#aaa authentication login default local

ITKE-AS1(config)#aaa authentication exec default local


Commands used to disable SSH in a Cisco Device

Notice that the command “no crypto key generate rsa” will not work; instead, the device suggests the ‘crypto key zeroize rsa’ command. Amazing, isn’t it?

ITKE-AS1(config)#no crypto key generate rsa

% Use ‘crypto key zeroize rsa’ to delete signature keys.


ITKE-AS1(config)#crypto key zeroize rsa

% All RSA keys will be removed.

% All router certs issued using these keys will also be removed.

Do you really want to remove these keys? [yes/no]: yes
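The session above can also be checked after the fact from a captured terminal log. The following is an added example, not part of the original post: it reads only lines typed at a config prompt, so the "% Use 'crypto key zeroize rsa'" hint is not mistaken for the command itself, and it reports whether RSA keys remain and whether a generated modulus is below a floor. The function name, the 2048-bit floor and the sample capture are assumptions, and the modulus is assumed to be given on the command line as in the post.

```python
import re

# Constructed sample: the commands and messages from the post as one capture.
SAMPLE_SESSION = """\
ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512
% The key modulus size is 512 bits
ITKE-AS1(config)#no crypto key generate rsa
% Use 'crypto key zeroize rsa' to delete signature keys.
ITKE-AS1(config)#crypto key zeroize rsa
% All RSA keys will be removed.
Do you really want to remove these keys? [yes/no]: yes
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*(?P<cmd>.+)$")
GENERATE = re.compile(r"^crypto key generate rsa\b.*\bmodulus (?P<bits>\d+)")
CONFIRM = re.compile(r"\[yes/no\]:\s*(?P<answer>\S+)")
MIN_BITS = 2048  # assumption: local policy floor, not a value from the post

def audit_session(text):
    """Return (keys_present, findings) for a captured config-mode session."""
    keys_present = False
    awaiting_confirm = False
    findings = []
    for line in text.splitlines():
        line = line.strip()
        prompt = PROMPT.match(line)
        if prompt:  # only lines typed at a config prompt count as commands
            cmd = prompt.group("cmd").strip()
            awaiting_confirm = False
            gen = GENERATE.match(cmd)
            if gen:
                bits = int(gen.group("bits"))
                keys_present = True
                if bits < MIN_BITS:
                    findings.append(f"weak RSA modulus: {bits} bits")
            elif cmd == "crypto key zeroize rsa":
                awaiting_confirm = True  # keys go only after a "yes" answer
            elif cmd.startswith("no crypto key generate"):
                findings.append("'no' form used; keys not removed")
            continue
        confirm = CONFIRM.search(line)
        if confirm and awaiting_confirm:
            awaiting_confirm = False
            if confirm.group("answer").lower().startswith("y"):
                keys_present = False
            else:
                findings.append("zeroize declined; keys still present")
    return keys_present, findings
```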

