SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network. In addition to providing secure network services, SSH refers to the suite of utilities that implement the SSH protocol. Secure Shell provides strong password authentication and public key authentication, as well as encrypted data communications between two computers connecting over an open network, such as the internet. In addition to providing strong encryption, SSH is widely used by network administrators for managing systems and applications remotely, enabling them to log in to another computer over a network, execute commands and move files from one computer to another.
For many years the recommendation is to work with SSH instead of Telnet, but besides enabling SSH we can add some parameters to improve security.
Even using SSH we are subject to vulnerabilities in the protocols and algorithms it uses, so if your equipment / software allows it, add the parameters below to increase security in remote access.
#1) Create the key with at least 2048 bits. You can also use the 4096, which makes the connection a little slower, but it's more secure:
#2) Use SSHv2 whenever possible:
#3) Accept SSH on "line vty":
#4) Set the timeout and number of authentication attempts:
#5) Choose strong algorithms:
#6) When adding the user, use the secret word instead of the password:
#7) Limit the origin of accesses using ACL:
Checking the settings can be done with the "show ip ssh" command: