In this lesson, we will configure SSH on Cisco IOS XR enabled router. Earlier we have configured SSH on Cisco IOS, if you want to check that article, then click SSH on Cisco IOS devices.

How to configure SSH on Cisco IOS XR

First of all, let’s create hostname and domain name just like IOS. This will be needed to generate RSA key.

RP/0/0/CPU0:ios(config)#hostname IOS-XR
RP/0/0/CPU0:ios(config)#domain name ios-xr.local

Creating RSA is a little bit different then regular IOS. You need to do this on EXEC mode. We will label our RSA key as “ourrsakey”.

RP/0/0/CPU0:IOS-XR#crypto key generate rsa ourrsakey
Thu Sep 20 17:08:20.764 UTC
The name for the keys will be: ourrsakey
  Choose the size of the key modulus in the range of 512 to 4096 for your General Purpose Keypair. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [2048]: 2048
Generating RSA keys ...
Done w/ crypto generate keypair
[OK]

RP/0/0/CPU0:IOS-XR#

If we check our RSA key, then we will see a key with “ourrsakey” label.

RP/0/0/CPU0:IOS-XR#show crypto key mypubkey rsa
Thu Sep 20 17:08:42.503 UTC
Key label: ourrsakey
Type     : RSA General purpose
Size     : 2048
Created  : 17:08:28 UTC Thu Sep 20 2018
Data     :
 30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
 00AF8F6F B81E6DE4 CB06159D 3CD2ED89 665BE980 453CC938 6B0AE6D5 6AA441F4
 59319A4F B4986A8C 8685B4C1 27386061 28F35A9D 6683BADF FA0452E8 D2AE149F
 F909D216 AF2EE2F5 A811F417 4B99CA60 E04E3C75 DDC44DC9 5AF4CAA9 AF8AF903
 08478FB7 D730FB52 FE635A66 7B0A0DE4 ADE885E3 68771791 174604D0 F68D94CA
 2510EEB6 0A59D790 30FDF225 574D5827 27C9B12A 1501E219 94F113D8 0499ED1C
 2C439FA9 128EA958 DA4C3543 BBD8DFD4 B0176637 37D7DCB7 495E3196 AC80D110
 B510D9B2 7CC03C52 F93A07C2 51DDC0C0 1D56A894 6AA73235 9386CF42 2E3CAACF
 FEDBB917 E5F4E8AA CCD6686E C25B5A68 F72A6E03 1561A210 67051C4B 19A7E1C2
 63020301 0001

Let’s enable SSH version 2 and also just allow ssh for remote access.

RP/0/0/CPU0:ios(config)#ssh server v2
RP/0/0/CPU0:ios(config)#line default transport input ssh

This is how you configure ssh on Cisco ios xr devices.

Verification:

To verify, we can SSH own IP (192.168.3.100 is the management IP for our example).

RP/0/0/CPU0:IOS-XR#ssh 192.168.3.100

Please login with any configured user/password, or cisco/cisco

Password:

“show ssh session details” command will show our ssh session details.

RP/0/0/CPU0:IOS-XR#show ssh session details
Fri Sep 21 15:36:18.038 UTC
SSH version : Cisco-2.0

id  key-exchange  pubkey  incipher  outcipher  inmac   outmac
-------------------------------------------------------------------
Incoming Session
0  diffie-hellman  ssh-rsa  aes256-cb  aes256-cb  hmac-sha1  hmac-sha1

Outgoing connection
RP/0/0/CPU0:IOS-XR#

Written by Rajib Kumer Das

I am Rajib Kumer Das, a network engineer with 7+ years of experience in multi-vendor environment. In my current company, I am responsible to take care critical projects and it's support cases. I do have several vendor certificates and have plans to go further.

This article has 1 comments

Leave a Comment

Your email address will not be published. Required fields are marked *