How To enable Secure Shell (SSH) in Cisco IOS and disable Telnet


  1. How i can disable support for DES SSH cipher in cisco routers?

  2. For setting transport input you may want to go in to “line vty 0 15” because there are more than 5 terminal lines that telnet can connect to 🙂

  3. Thank you for the explanation and config details!

    Actually, there are more vty lines than the 16 mentioned “vty 0 15,” I believe. It depends on the IOS capabilities. Right?

  4. i tried to connect from one router to another using SSH after basic configuration on the both th router. i got below error

    Connection to closed by foreign host

    can anyone tell me why this error occers,& how to solve the issue

  5. Connection to closed by foreign host

    mean’s that, in all likelyhood, you forgot to “activate” your vty lines.


    Did you do the normal Sw1#(config):”Line vty 0 15″, “password yourpass”, “login” and “exit” ?. If not then the foreign host wont allow connections of any type (telnet, ssh etc).

  6. does any one know the command for entering into ssh on a a router.

    is it

    router#ssh -c 3des -l

    i could do with some help guess anyone wid any information i would appreciate.

  7. ip ssh port xxx does not work using more current ios versions.

  8. In response to the last comment about
    ip ssh port xxx, that not working, there is additional commands needed to make it listen for ssh other than port 22.

    ip ssh port xxxx rotary 1
    ip ssh port xxxx rotary 1 127

    basically rotary 1, is the rotary group number, and the second number (127 in this example) is the high number that it will look for.

    I have only used the first example so I cant comment much on what the rotary is all about, but a simple ? or tab key will show those commands in newer IOS

  9. Hey, great article. Exactly what I needed. Although I don’t support changing the default port from 22. 22 is the SSH port and it is an SSH server. Obscurity offers such a tiny amount of additional security when compared to the SSH protocol itself, it’s not worth hassle. Just my 2cents. Thanks again the info.


  10. How can i enble https access on switch 6506
    when im giving ip http secure-server it’s telling unrecognized command. Im using sup720 with ipservicesk9-12.2(18).SXF5 pls help me out on this.

  11. Hi

    Is there any way i can have telnet and ssh both for tty lines using async port adapter like NM-32 on cisco routers or is it either telnet or ssh at a time ?

  12. line con 0
    password 7 071F76451A0E4D
    line vty 0 4
    password 7 105E5E10511046
    transport input telnet ssh
    line vty 5 15

    This is what I have on my router. I would like to disable telnet but not SSH. How do I do it?
    Please help!

Leave a Reply

Your email address will not be published. Required fields are marked *