So I wanted to disable telnet and enable SSH only on the switches – take my 2950 and 3560 switches and change the following:
Change the hostname and generate the crypto keys
conf t
hostname HOSTNAMEHERE
ip domain-name HOSTDOMAINHERE
crypto key generate rsa
If this command does not work, you need to update to a K9 (cryptographic) IOS image.
end
show ip ssh
wr mem
Enable the AAA authentication
conf t
service password-encryption
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
exit
Create the User
conf t
username CISCO password PASSWORD
end
Create passwords
conf t
enable secret PASSWORD
line con 0
password PASSWORD
line vty 0 4
no password
transport input ssh
line vty 5 15
no password
transport input ssh
end
Set SSH arguments
conf t
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
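
To confirm the result on each switch, the saved output of show running-config can be checked against the steps above. The script below is an added example, not part of the original post: the sample config is constructed, and the names SAMPLE_CONFIG, REQUIRED, vty_blocks and audit are hypothetical.

```python
# Constructed running-config fragment (not from a real device); the second
# vty range still accepts telnet, which the audit should flag.
SAMPLE_CONFIG = """\
hostname SW1
ip domain-name example.test
service password-encryption
aaa new-model
aaa authentication login default local
enable secret 5 CONSTRUCTED-HASH
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
!
line con 0
 password 7 CONSTRUCTED
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

# Global commands from the procedure, as they appear in a running-config.
REQUIRED = ["aaa new-model", "aaa authentication login default local",
            "enable secret ", "ip ssh version 2"]

def vty_blocks(config):
    """Return {line header: [indented sub-commands]} for each 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config):
    """List deviations from the SSH-only setup; an empty list means compliant."""
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    findings = [f"missing global command: {r.strip()}" for r in REQUIRED
                if not any(l.startswith(r) for l in top)]
    for header, cmds in vty_blocks(config).items():
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transports:
            findings.append(f"{header}: no transport input set, platform default applies")
        elif transports[-1] != ["ssh"]:
            findings.append(f"{header}: transport input {' '.join(transports[-1])}, expected ssh only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "compliant")
```

An empty result means every vty range is SSH-only and the global commands from the procedure are present.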