CISCO CCNA 200-301 Q142

Which Cisco command will display the version and configuration data for Secure Shell (SSH)?

A. show ssh
B. show ip ssh
C. debug ssh
D. debug ip ssh

Correct Answer: B

The show ip ssh command is used to display the version and configuration data for SSH on a Cisco router. The following is sample output of the show ip ssh command:

router#show ip ssh
SSH Enabled – version 1.5
Authentication timeout: 120 secs; Authentication retries: 2

This show ip ssh command output displays the enabled status of the SSH protocol, the retries parameter (configured at two attempts), and the timeout of 120 seconds.

The following message will appear when the show ip ssh command is issued and SSH has been disabled:

router# show ip ssh
%SSH has not been enabled

To enable SSH include the transport input SSH command when configuring authentication on a line. For example, the configuration of a Cisco network device to use SSH on incoming communications via the virtual terminal ports, with a specified password as shown from the partial output of the show run command is shown below:

line vty 0 4
password 7 030752180500 login
transport input ssh

It is important to note the login command on the third line of the above ouput is critical for security. This command instructs the device to prompt for a username and password using SSH. If this line reads no login, SSH might be otherwise be correctly configured, but the device will never prompt for the username and password.

The debug ip ssh command is used to display debug messages for SSH.

The debug ssh command is not a valid Cisco command.