Accessing the switch
Secure Shell and Secure Copy
Secure Shell (SSH) and Secure Copy (SCP) use secure tunnels to encrypt and secure messages between a
remote administrator and the switch. Telnet does not provide this level of security: managing a switch
over Telnet does not provide a secure connection.
SSH is a protocol that enables remote administrators to log securely into the switch over a network to execute
management commands. By default, SSH is disabled (off) on the switch.
SCP is typically used to copy files securely from one machine to another. SCP uses SSH for encryption of data on
the network. On a switch, SCP is used to download and upload the switch configuration via secure channels. By
default, SCP is disabled on the switch.
The switch implementation of SSH is based on version 1.5 and version 2.0, and supports SSH clients from version
1.0 through version 2.0. Client software can use SSH version 1 or version 2. The following SSH clients are
supported:
• SSH 3.0.1 for Linux (freeware)
• SecureCRT® 4.1.8 (VanDyke Technologies, Inc.)
• OpenSSH_3.9 for Linux (FC 3)
• FedoraCore 3 for SCP commands
• PuTTY Release 0.58 (Simon Tatham) for Windows
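Because the switch accepts both SSH version 1 and version 2 clients, an administrator auditing a device may want to see which protocol version its SSH server advertises. The following is an added example, not part of the original manual: it parses an SSH identification string as defined in RFC 4253 and classifies it. The sample greetings and the name ExampleSwitch_1.0 are constructed; what a given switch actually sends is not stated in this document.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
_ID_RE = re.compile(rb"^SSH-(\d+\.\d+)-([^\s]+)(?: (.*))?$")


def parse_ssh_banner(data: bytes):
    """Return (protoversion, softwareversion) from raw server greeting bytes.

    A server may send other lines before its identification string, so
    every line is scanned until one starts with "SSH-".
    """
    for line in data.split(b"\n"):
        m = _ID_RE.match(line.rstrip(b"\r"))
        if m:
            return m.group(1).decode("ascii"), m.group(2).decode("ascii", "replace")
    raise ValueError("no SSH identification string found")


def classify(protoversion: str) -> str:
    """Map the advertised protocol version to what the server will accept."""
    if protoversion == "2.0":
        return "ssh2-only"
    if protoversion == "1.99":
        # RFC 4253 section 5.1: 1.99 means SSH-2 with SSH-1 compatibility
        return "ssh1-and-ssh2"
    if protoversion.startswith("1."):
        return "ssh1-only"
    return "unknown"


def read_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the greeting from a live server (host is supplied by the caller)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(512)


# Constructed sample greetings, not captured from a real switch.
SAMPLES = [
    b"SSH-1.99-ExampleSwitch_1.0\n",
    b"SSH-2.0-OpenSSH_3.9\r\n",
    b"Authorized use only\r\nSSH-1.5-ExampleSwitch_1.0\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        proto, software = parse_ssh_banner(raw)
        print(f"{software:22} protoversion={proto:5} -> {classify(proto)}")
```

A result of ssh1-and-ssh2 or ssh1-only means version 1 clients can still connect, which is worth recording in a configuration audit.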
Configuring SSH and SCP features (AOS CLI example)
Before you can use SSH commands, use the following commands to turn on SSH and SCP.
Enabling or disabling SSH
To enable the SSH feature, connect to the switch CLI and enter the following commands:
>> # /cfg/sys/sshd/on (Turn SSH on)
Current status: OFF
New status: ON
SSHD# apply (Apply the changes to start generating RSA host and server keys)
RSA host key generation starts
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
RSA host key generation completes (lasts 212549 ms)
RSA host key is being saved to Flash ROM, please don’t reboot the box
immediately.
RSA server key generation starts
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
RSA server key generation completes (lasts 75503 ms)
RSA server key is being saved to Flash ROM, please don’t reboot the box
immediately.
-------------------------------------------------------------------------
Apply complete; don’t forget to “save” updated configuration.
NOTE: Secure Shell can be configured using the console port only. SSH menus do not display if you access
the switch using Telnet or the Browser-based Interface.