Your IOS image on your router must be a k9 image that supports encryption.

ConfigurationRouter> config terminal
Router (config)# hostname <the name of the router>
Router (config)# ip domain-name domainname <a domain that the router services>

At this point, you're ready to enable the SSH server on the router. To enable the SSH server, you must first generate an RSA key pair using the following command:

Router (config)# crypto key generate rsa

Generating an RSA key pair for the router automatically enables SSH. If you delete the RSA key pair, this automatically disables the SSH server.

The last step to implementing SSH is to enable Authentication, Authorization, and Accounting (AAA). When you configure AAA, specify usernames and passwords, the session timeout, and the number of retries allowed during a connection attempt. Use the global commands, as shown below:

Router (config)# aaa new-model
Router (config)# username <username> password <password>
Router (config)# ip ssh time-out <second>
Router (config)# ip ssh authentication-retries <value>

To verify that you've configured SSH and it's running on the router, execute the following command:

Router# show ip ssh

After verifying the configuration, you're ready to force the users that you added during the AAA configuration to use SSH instead of Telnet. You can do so by requiring SSH for virtual terminal (vty) connections.
Here's an example:

Router (config)# line vty 0 4
Router (config-line)# transport input SSH