C
OMMAND
L
INE
I
NTERFACE
4-48
5.
Enable SSH Service – Use the
ip ssh server
command to enable the
SSH server on the switch.
6.
Configure Challenge-Response Authentication – When an SSH client
attempts to contact the switch, the SSH server uses the host key pair to
negotiate a session key and encryption method. Only clients that have a
private key corresponding to the public keys stored on the switch can
gain access. The following exchanges take place during this process:
a.
The client sends its public key to the switch.
b.
The switch compares the client's public key to those stored in
memory.
c.
If a match is found, the switch uses the public key to encrypt a
random sequence of bytes, and sends this string to the client.
d.
The client uses its private key to decrypt the bytes, and sends the
decrypted bytes back to the switch.
e.
The switch compares the decrypted bytes to the original bytes it sent.
If the two sets match, this means that the client's private key
corresponds to an authorized public key, and the client is
authenticated.
Note:
To use SSH with only password authentication, the host public key
must still be given to the client, either during initial connection or
manually entered into the known host file. However, you do not
need to configure the client’s keys.
ip ssh server
This command enables the Secure Shell (SSH) server on this switch. Use
the
no
form to disable this service.
Syntax
[
no
]
ip ssh server
Default Setting
Disabled
Summary of Contents for 6128L2
Page 2: ......
Page 21: ...CONTENTS xvii Glossary Index ...
Page 22: ...CONTENTS xviii ...
Page 26: ...TABLES xxii ...
Page 40: ...INTRODUCTION 1 10 ...
Page 54: ...INITIAL CONFIGURATION 2 14 ...
Page 193: ...PORT CONFIGURATION 3 139 Figure 3 61 Displaying Etherlike and RMON Statistics ...
Page 257: ...QUALITY OF SERVICE 3 203 Figure 3 90 Configuring Policy Maps ...
Page 313: ...COMMAND GROUPS 4 13 PE Privileged Exec VC VLAN Database Configuration ...
Page 592: ...TROUBLESHOOTING B 4 ...
Page 605: ......