Secure Shell (SSH) provides support for IPv6 addresses that enable a Cisco device to accept and establish secure, encrypted
connections with remote IPv6 nodes over an IPv6 transport.
Prerequisites for SSH Support over IPv6
An IPsec (Data Encryption Standard [DES] or 3DES) encryption software image is loaded on your device. IPv6 transport for
the SSH server and SSH client requires an IPsec encryption software image.
A hostname and host domain are configured for your device.
A Rivest, Shamir, and Adelman (RSA) key pair, which automatically enables SSH, is generated for your device.
A user authentication mechanism for local or remote access is configured on your device.
To authenticate SSH clients, configure TACACS+ or RADIUS over an IPv4 transport and then connect to an SSH server over an
IPv6 transport.
The basic restrictions for SSH over an IPv4 transport apply to SSH over an IPv6 transport. The use of locally stored usernames
and passwords is the only user authentication mechanism supported by SSH over an IPv6 transport. TACACS+ and RADIUS user authentication
mechanisms are not supported over an IPv6 transport.
Information About SSH Support over IPv6
SSH over an IPv6 Transport
Secure shell (SSH) SSH in IPv6 functions the same and offers the same benefits as SSH in IPv4. The SSH server feature enables
an SSH client to make a secure, encrypted connection to a Cisco device, and the SSH client feature enables a Cisco device
to make a secure, encrypted connection to another Cisco device or to any other device running an SSH server. IPv6 enhancements
to SSH consist of support for IPv6 addresses that enable a Cisco device to accept and establish secure, encrypted connections
with remote IPv6 nodes over an IPv6 transport.
How to Enable SSH Support over IPv6
Enabling SSH on an IPv6 Device
This task is optional. If you do not configure SSH parameters, then the default values will be used.
Configuring Secure Shell and Secure Shell Version 2 Support chapters of the Security Configuration Guide.
Standards and RFCs
Standard/RFC
Title
RFCs for IPv6
IPv6 RFCs
Technical Assistance
Description
Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving
technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product
Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
This table provides release and related information for features explained in this module.
These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise.
Release
Feature
Feature Information
Cisco IOS XE
Everest 16.5.1a
SSH Support over IPv6
SSH provides support for IPv6 addresses that enable a Cisco device to accept and establish secure, encrypted connections
with remote IPv6 nodes over an IPv6 transport.
Support for this feature was introduced on all the models of the Cisco Catalyst 9500 Series Switches.
Cisco IOS XE Fuji 16.8.1a
SSH Support over IPv6
Support for this feature was introduced on the C9500-32C, C9500-32QC, C9500-48Y4C, and C9500-24Y4C models of the Cisco Catalyst
9500 Series Switches.
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator,
go to http://www.cisco.com/go/cfn.