How To: Enable SSH On A Cisco 2950

First you have to make sure you are running a version of code that has encryption. See my previous article for instructions on how to upgrade the code. Once your code is upgraded, here are the steps to enable SSH on a Cisco 2950.

Generate An SSH Key

Verify your key like so

Wow 1993, feels good to be a time machine πŸ™‚

Configure the allowed number of retries

Enabling SSH on the VTYs

Configuring A Username

When you’re running telnet you don’t need a username. But when you are using SSH, you do.

Now were golden, let’s test.

Awesome ! That concludes this short tutorial.

How To: Upgrade IOS On A Cisco 2950

My cisco 2950 came with an older IOS version 12.1, but more importantly, one that does not support encryption, and thus I cannot use SSH. I need to upgrade the code aka IOS Image on this switch to enable SSH. So here we go, I’ll be referencing the following guide :ΒΒ throughout this how to article. Note: You should be in enable/privilege 15 mode for the duration of this article.

Existing version info

Cisco Image & TFTP Server

I had to register for the Cisco site to download the latest image, with support for encryption. This is the image I will be installing :Β c2950-i6k2l2q4-mz.121-22.EA14.bin

After the image is downloaded, we need to configure the TFTP server. Mac OS X comes with tftpd automatically. You are going to want to place the imagine in /private/tftpboot. Β After you have copied the image there, make absolutely sure you update the permissions. Otherwise, your tftp request will timeout from your device.

After you update the permissions you are ready to start TFTP.


Great TFTP is running. Now we are ready to request it from the Cisco switch, aka the client in this scenario.

Copy TFTP Flash

Uh oh shaggy ! I am out of space. After doing a ‘dir flash’ I saw that really I had no choice, but to delete my existing flash image to make room for the new one. Feels dangerous and scary, but luckily this is my lab environment πŸ™‚

Deleting From Flash

Copy TFTP Flash Again (This time with our fingers crossed)

Whew…close one πŸ™‚ To be on the safe side we can verify our image like this.

Next we make our new flash image bootable.

Great, that looks good, now we are ready to reload our switch !

Once the switch comes back to life, validate the version info.

We went from 2004, to 2010…but 2010 is the latest image available for my ancient switch ! Awesome. Now we are ready to enable SSH in the next article !

Thanks for reading,
Jason Riedel