94
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring and Managing IP Interfaces and Services
Managing SSH
MSS supports Secure Shell (SSH) Version 2. SSH provides secure management access to
the CLI over the network. SSH requires a valid username and password for access to the
switch. When a user enters a valid username and password, SSH establishes a management
session and encrypts the session data.
Login Timeouts
When you access the SSH server on an Switch, MSS allows you 10 seconds to press Enter
for the username prompt. After the username prompt is displayed, MSS allows 30 seconds
to enter a valid username and password to complete the login. If you do not press Enter or
complete the login before the timer expires, MSS ends the session. These timers are not
configurable.
Session Timeouts
Each SSH session is governed by two timeouts:
• Idle timeout - controls how long an open SSH session can remain idle before MSS
closes the session. The default idle timeout is 30 minutes. You can set the idle
timeout to a value from 0 (disabled) to 2,147,483,647 minutes.
• Absolute timeout - controls how long an SSH session can remain open, regardless
of how active the session is. The absolute timeout is disabled by default. D-Link
recommends using the idle timeout to close unused sessions. However, if the idle
timeout is disabled, MSS changes the default absolute timeout from 0 (disabled) to
60 minutes to prevent an abandoned session from remaining open indefinitely. You
can set the absolute timeout to a value from 0 (disabled) to 2,147,483,647 minutes.
To ensure that all CLI management sessions are encrypted, after you configure SSH, disable
Telnet.
Enabling SSH
SSH is enabled by default. However, to use SSH, you must generate an SSH
authentication key, using the following command:
crypto
generate
key
ssh
{
1024
|
2048
}
To disable or reenable SSH, use the following command:
set ip ssh server
{
enable
|
disable
}
Summary of Contents for DWS-1008
Page 1: ......