You wish to configure Secure Shell (SSH) support on your router so that incoming VTY connections are
secure.
Which of the following commands must be configured? (Choose all that apply.)

A.
ip domain-name

B.
transport input ssh

C.
ip access-group

D.
crypto key generate rsa

E.
service config

Explanation:
Secure Shell (SSH) provides a secure alternative to Telnet for remote management of a Cisco device.
Configuring Secure Shell (SSH) support on a Cisco router involves a minimum of three commands:
ip domain-name [domain-name]: configures the DNS of the router (global configuration mode)
crypto key generates rsa: generates a cryptographic key to be used with SSH (global configuration mode)
transport input ssh: allows SSH connections on the router’s VTY lines (VTY line configuration mode)
The transport input ssh command allows only SSH connectivity to the router, and prevents clear-text Telnet
connections. To enable both SSH and Telnet, you would use the transport input ssh telnet command.
The ip access-group command is incorrect because this command is used to activate an access control list
(ACL) on an interface, and does not pertain to SSH.
The service config command is incorrect because this command is used to automatically configure routers from
a network server, and does not pertain to SSH.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot basic device hardening

Cisco > Support > Technology Support > Security and VPN > Secure Shell (SSH) > Design > Configuring
Secure Shell on Routers and Switches Running Cisco IOS > Document ID: 4145