User Guide
522
Configuring Access Security
Access Security Configurations
2.2.4 Configuring the SSH Feature
Follow these steps to configure the SSH function:
Step 1
configure
Enter global configuration mode.
Step 2
ip ssh server
Enable the SSH function. By default, it is disabled.
Step 3
ip ssh version
{ v1 | v2 }
Configure to make the switch support the corresponding protocol. By default, the switch
supports SSHv1 and SSHv3.
v1 | v2
:
Select to enable the corresponding protocol.
Step 4
ip ssh timeout
value
Specify the idle timeout time. The system will automatically release the connection when the
time is up.
value
:
Enter the value of the timeout time, which ranges from 1 to 120 seconds. The default
value is 120 seconds.
Step 5
ip ssh max-client
num
Specify the maximum number of the connections to the SSH server. New connection will not
be established when the number of the connections reaches the maximum number you set.
num
:
Enter the number of the connections, which ranges from 1 to 5. The default value is 5.
Step 6
ip ssh algorithm
{ AES128-CBC | AES192-CBC | AES256-CBC | Blowfish-CBC | Cast128-CBC |
3DES-CBC | HMAC-SHA1 | HMAC-MD5 }
Enable the corresponding algorithm. By default, these types are all enabled.
AES128-CBC | AES192-CBC | AES256-CBC | Blowfish-CBC | Cast128-CBC | 3DES-CBC
:
Specify the encryption algorithm you want the switch supports.
HMAC-SHA1 | HMAC-MD5
:
Specify the data integrity algorithm you want the switch supports.
Step 7
ip ssh download
{ v1 | v2 }
key-file
ip-address
ip-addr
Select the type of the key file and download the desired file to the switch from TFTP server.
v1 | v2
:
Select the key type. The algorithm of the corresponding type is used for both key
generation and authentication.
key-file
:
Specify the name of the key file saved in TFTP server. Ensure the key length of the
downloaded file is in the range of 512 to 3072 bits.
ip-addr
:
Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are
supported.
Step 8
show ip ssh
Verify the global configuration of SSH.
Downloaded from