(1) requires either "login local" or an AAA server to function properly, sometimes glitch: just "login" and a "password" will usually allow SSH connection without username, and must match vty-password like telnet (bad-config) - - - - - - - - - - - (2) Must have "ip domain-name" configured for rsa-key generation, -AND- most IOS's will force you to change from [Router] or [Switch] as hostnames. however- they don't require any special domain-names. The following example was R1 & xyz for domain-name ( "R1#show crypto key mypubkey rsa" => "Key name: R1.xyz") - - - - - - - - - - (3) "crypto key generate rsa" will prompt you for the minimum key sizes, usually [512] // note 768-bits required if: "ip ssh version 2" was already configured, and you want to prevent the host from falling back to version-1 / - - - - - - - - - - (4) vty-config= "transport input ssh" will not allow any vty-connections other than ssh /// - - - - there are many cisco docs on SSH, some are more than 10 years old, and may no longer be accurate. On the whole, "I" found them confusing. - - - using 2 cisco-simulators and the Boson-CCNA-Simulator, I put together 2 docs that seem to be accurate and easy to understand for the basics of ssh as of Jan-1-2016, see here: { http://www.zipz-services.com/skillset/SSH-Basics-for-CCNA-2015.pdf } -and- { http://www.zipz-services.com/skillset/SSH-Versions_about.pdf }