Step 9
Enter
end
to exit the configuration mode.
[local]host_name(config)#
end
[local]host_name#
Step 10
Proceed to
Save the Basic Configuration, on page 112
.
Configuring SSH Options
SSHv2 RSA is the only version of SSH supported under StarOS. Keywords previously supported for SSHv1
RSA and SSHv2 DSA have been removed from or concealed within the StarOS CLI.
A keyword that was supported in a previous release may be concealed in subsequent releases. StarOS
continues to parse concealed keywords in existing scripts and configuration files created in a previous
release. But the concealed keyword no longer appears in the command syntax for use in new scripts or
configuration files. Entering a question mark (?) will not display a concealed keyword as part of the Help
text. Removed keywords generate an error message when parsed.
Important
Version 1 of the SSH protocol is now obsolete due to security vulnerabilities. The
v1-rsa
keyword has been
removed for the Context Configuration mode
ssh
command. Running a script or configuration that uses the
SSHv1-RSA key returns an error message and generates an event log. The output of the error message is
shown below:
CLI print failure Failure: SSH V1 contains multiple structural vulnerabilities and is no
longer considered secure. Therefore we don't support v1-rsa SSH key any longer, please
generate a new v2-rsa key to replace this old one.
If the system boots from a configuration that contains the
v1-rsa
key, you can expect a boot failure when
logging in through SSH. The workaround is to log in via the Console port, re-generate a new ssh v2-rsa key,
and configure server sshd. It will then be possible to log in via ssh.
The
v2-dsa keyword
is now concealed for the Context Configuration mode
ssh
command
The
v1-rsa
keyword has been removed from the Exec mode
show ssh key
CLI command.
Setting SSH Key Size
The Global Configuration mode
ssh key-size
CLI command configures the key size for SSH key generation
for all contexts (RSA host key only).
Step 1
Enter the Global Configuration mode.
[local]
host_name
#
configure
[local]
host_name
(config)#
Step 2
Specify the bit size for SSH keys.
[local]
host_name
(config)#
ssh key-size { 2048 | 3072 | 4096 | 5120 | 6144 | 7168 | 9216 }
The default bit size for SSH keys is 2048 bits.
ASR 5500 Installation Guide
106
Initial System Configuration
Configuring SSH Options
Summary of Contents for ASR 5500
Page 12: ...ASR 5500 Installation Guide xii Contents ...
Page 16: ...ASR 5500 Installation Guide xvi About this Guide Contacting Customer Support ...
Page 40: ...ASR 5500 Installation Guide 24 Technical Specifications Chassis Grounding ...
Page 74: ...ASR 5500 Installation Guide 58 Card Installation Save Shipping Cartons ...
Page 88: ...ASR 5500 Installation Guide 72 MIO Port Cabling Cleaning Fiber Optic Connectors ...
Page 112: ...ASR 5500 Installation Guide 96 System Power up show leds Command ...
Page 130: ...ASR 5500 Installation Guide 114 Initial System Configuration Additional Configuration Tasks ...
Page 164: ...ASR 5500 Installation Guide 148 Replaceable Components Returning Failed Components ...
Page 186: ...ASR 5500 Installation Guide 170 Console Port to Cisco Server Cabling Configuration ...
Page 192: ...ASR 5500 Installation Guide 176 RMA Shipping Procedures Rear Cards ...