Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring Switch Authentication Features (Rev. 03)
Secure Shell Server (SSH)
© 2008 Foundry Networks, Inc.
Page 14 of 70
Usage of SSH
If SSH is enabled on the device, telnet access can be disabled to force all administrative sessions to run
over the encrypted channel that SSH provides. In such a case, attackers will not be able to find
open telnet ports.
To disable telnet access, use the following command in Global Configuration mode:
device-name(config)#telnet stop
Security Considerations
When the user logs into the SSH server for the first time, the SSH client usually issues a security
alert message such as the one in Figure 1.
Figure 1: Security Alert Message Issued by the SSH Client
Regard this as a warning that the security and secrecy of the data on the computer may be
jeopardized. If in a later login the same message appears (even though the user has confirmed the
trust on the initial connection), then either the user is exposed to a malicious intrusion, or the server
administrator has reconfigured the keys.
The keys are configured with the ssh generate-key dsa command described in the section
Configuring SSH Server.
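The first-login and changed-key cases described above can be checked outside the interactive prompt. The following is an added example, not part of the Foundry manual: it compares the key a server presents against an OpenSSH-style known_hosts record and reports whether it is unknown, matching, or changed. The host name switch1.example.net, the addresses, the key blobs and the function names are constructed for illustration, and only plain (unhashed) known_hosts lines are assumed.

```python
import base64
import hashlib

# Constructed sample data: placeholder blobs, not real DSA public keys.
KEY_A = base64.b64encode(b"constructed sample host key A").decode()
KEY_B = base64.b64encode(b"constructed sample host key B").decode()
KNOWN_HOSTS = f"# constructed known_hosts sample\nswitch1.example.net,192.0.2.10 ssh-dss {KEY_A}\n"


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_known_hosts(text):
    """Parse plain (unhashed) lines: 'host[,host...] keytype base64key [comment]'."""
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue  # skip comments, @markers and hashed host names
        hosts, keytype, key = fields[:3]
        for host in hosts.split(","):
            known.setdefault(host, {})[keytype] = key
    return known


def check_host_key(known, host, keytype, presented_key):
    """Return (status, fingerprint) for the key a server presents."""
    fp = fingerprint(presented_key)
    stored = known.get(host, {}).get(keytype)
    if stored is None:
        return "UNKNOWN", fp      # first login: confirm the fingerprint out of band
    if base64.b64decode(stored) == base64.b64decode(presented_key):
        return "MATCH", fp        # same key as the one trusted earlier
    return "CHANGED", fp          # keys were regenerated, or an intrusion


if __name__ == "__main__":
    known = load_known_hosts(KNOWN_HOSTS)
    for host, key in [("switch2.example.net", KEY_A),
                      ("switch1.example.net", KEY_A),
                      ("192.0.2.10", KEY_B)]:
        print(host, *check_host_key(known, host, "ssh-dss", key))
```

A CHANGED result should be reconciled with the server administrator (for example, by confirming that the keys were regenerated) before the stored key is replaced.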
When using an SSH client to log into a device, avoid using a telnet client
from that device to another host. This precaution is required to prevent making the secure
connection vulnerable to anyone who may spy on both network connections.
Supported Clients
The user can use the application software SSH server with SSH clients such as:
• The SSH client of SSH Communications Security Corp.
• The OpenSSH secure shell client.
• The PuTTY terminal program.
• The F-Secure SSH client.
• Any other client that supports SSH (version 2).
• SecureCRT.