For Security reason, connect only over SSH
Telnet is bad by default (clear password)
Make sure, you have a hostename and a domainname
ip domain-name evil.net
Create now the key pair (here RSA)
crypto key gen rsa
How many bits in the modulus : 1024
% Generating 1024 but RSA keys ...[OK]
And now, you need a simple authentication and authorization system for this example
username chw secret 5 $1$9e4A$QIP5UAWxtz1vVh6L7Dx1I1
aaa authentication login USERS_LOCAL local
Set the SSH Negotiation phase timeout interval (in seconds)
ip ssh time-out 120
This sets the time period for the Cisco Router or Switch to wait for 120 seconds before timing out the client during the SSH Negotiation phase.
Set the Maximum retry attempts
ip ssh authetication-retries 3
This sets the maximum number of the Authentication retires to be 3 times before the interface (vty) is reset.
To change the default port for SSH (default is 22) connection
ip ssh port 4567
This sets the port number to listen for SSH connections to be 4567.(Sometimes reload requierd)
Try to logon and logoff the Cisco IOS Router or switch to ensure it works OK and then disable Telnet access to the switch. This can be done by making SSH as the only transport agent.
line vty 0 4
transport input ssh
This makes SSH as the only way to connect to the Cisco Routers or Switches remotely.