Once you complete the initial setup and configuration of your Cisco switch or router using a console, you may want to manage the device remotely. Using Telnet is a security risk because passwords and commands are sent over the network in cleartext and can easily be intercepted. You should therefore disable Telnet and enable only SSH for remote management.
Assuming you have already completed initial configuration of your Cisco device by console, the steps for SSH configuration on a Cisco Switch are:
1) Set the hostname and domain name
switch# config t
switch(config)# hostname OTGswitch
OTGswitch(config)# ip domain-name OTG.com
2) Generate RSA keys for encryption
OTGswitch(config)# crypto key generate rsa
The name for the keys will be: OTGswitch.OTG.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus :
Choose 1024 if you want higher security.
3) Configure VTYs (Virtual Terminal Lines)
OTGswitch(config)# line vty 0 4
OTGswitch(config-line)# login local
OTGswitch(config-line)# transport input ssh
OTGswitch(config-line)# exit
This means the switch will use its local user database for authentication, and Telnet is disabled because SSH is the only transport allowed on VTYs 0 to 4.
If your device supports 16 VTYs, amend the command as follows:
OTGswitch(config)# line vty 0 15
OTGswitch(config-line)# login local
OTGswitch(config-line)# transport input ssh
OTGswitch(config-line)# exit
4) Create an account
OTGswitch(config)# username OTGuser privilege 15 secret OTGpass
Here the username is OTGuser, the password is OTGpass, and privilege 15 means the user has full access rights.
5) Set time-out interval
OTGswitch(config)# line vty 0 4
OTGswitch(config-line)# exec-timeout 5
This sets a timeout interval of 5 minutes, so your session expires if you leave it idle for 5 minutes. Also extend this to VTYs 0 to 15 if your device supports 16 VTYs.
Now you can test SSH from a remote client. Optionally, you can use access control lists to limit the sub-networks from which remote access is permitted.
The above procedure to enable SSH works on Cisco switches running IOS. The same can be applied to Cisco routers as well. The key thing to bear in mind is to find out how many simultaneous remote sessions (VTYs) are supported in your IOS version.
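The following check is an added example, not part of the original procedure: it audits a saved running configuration to confirm that every VTY range carries the settings from steps 3 and 5, which catches the case where VTYs 0 to 4 were configured but 5 to 15 were left open to Telnet. The sample configuration is constructed, the function names are hypothetical, and it assumes the usual running-config layout where subcommands are indented under each "line vty" header.

```python
import re

# Constructed sample of saved running-config text (not from a real device):
# VTYs 0-4 follow the steps above, VTYs 5-15 were never amended.
SAMPLE_CONFIG = """\
hostname OTGswitch
ip domain-name OTG.com
!
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
!
end
"""

def parse_vty_blocks(config):
    """Return {(first, last): [subcommands]} for each 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            current = blocks.setdefault((first, int(m.group(2) or first)), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any unindented line ends the block
    return blocks

def audit_vtys(config):
    """Return a sorted list of (vty_range, finding) for ranges missing a step."""
    findings = []
    for rng, cmds in parse_vty_blocks(config).items():
        if "transport input ssh" not in cmds:
            findings.append((rng, "transport input is not restricted to ssh"))
        if "login local" not in cmds:
            findings.append((rng, "login local is not set"))
        timeout = [c.split()[1:] for c in cmds if c.startswith("exec-timeout ")]
        if not timeout or all(int(x) == 0 for x in timeout[0]):
            findings.append((rng, "exec-timeout is missing or disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for (first, last), finding in audit_vtys(SAMPLE_CONFIG):
        print(f"line vty {first} {last}: {finding}")
```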