Begin by configuring the domain-name on the router that will be accepting SSH connections. This domain-name is used in the next step where RSA keys are generated.

Next generate the RSA key pairs that will be used by SSH.

Using the command "ip ssh version" enable the use of SSH version 2.

Enter line configuration mode. In here you will be configuring the transport for SSH as well as defining the options for authentication.

In this example we will use the local database for authentication. At the moment there is no username in the database, so we will go back and configure that later. For now, lets just enable local authentication.

For ease of use in a lab environment we can configure the VTY to place us at privilege level 15 once we authentication. I would not recommend this in a production environment.

Now we need to back out of line configuration mode and configure the user in the local database.

You can create a pretty extensive local database of users however it doesnt scale. It’s usually preferable to use an AAA server like Cisco ACS. In this case we keep it simple and create the user cisco with a password of cisco. The user is also given privilege level 15.

From another router in your lab use the "ssh" command to connect to R3 (in our case). Notice that -l denotes the username that was configured on R3 in the local database, and -v denotes the version of ssh that we wish to use. Enter the password "cisco" to authenticate.

Back on R3 use the "show ssh" command to verify the SSH connection from R2.