Extreme Networks Px Series manual Enabling SSH2 for Inbound Switch Access, Config ssh2 key


The ExtremeWare SSH2 switch application also works with SSH2 client and server (version 2.x or later) from SSH Communication Security, and the free SSH2 and SCP2 implementation (version 2.5 or later) from OpenSSH. The SFTP file transfer protocol is required for file transfer using SCP2.

Enabling SSH2 for Inbound Switch Access

Because SSH2 is currently under U.S. export restrictions, you must first obtain a security-enabled version of the ExtremeWare software from Extreme Networks before you can enable SSH2. The procedure for obtaining a security-enabled version of the ExtremeWare software is described in the ExtremeWare Software User Guide.

You must enable SSH2 on the switch before you can connect to it using an external SSH2 client. Enabling SSH2 involves two steps:

Enabling SSH2 access, which may include specifying a list of clients that can access the switch, and specifying a TCP port to be used for communication. By default, if you have a security license, SSH2 is enabled using TCP port 22, with no restrictions on client access.

Generating or specifying an authentication key for the SSH2 session.

To enable SSH2, use the following command:

enable ssh2 {access-profile [<access_profile> | none] {port <tcp_port_number>}}

You can specify a list of predefined clients that are allowed SSH2 access to the switch. To do this, you must create an access profile that contains a list of allowed IP addresses. For more information on creating access profiles, refer to the ExtremeWare Software User Guide.

You can also specify a TCP port number to be used for SSH2 communication. By default the TCP port number is 22. The supported cipher is 3DES-CBC. The supported key exchange is DSA.

An authentication key must be generated before the switch can accept incoming SSH2 sessions. This can be done automatically by the switch, or you can enter a previously generated key. To have the key generated by the switch, use the following command:

config ssh2 key
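The following audit sketch is an added example, not part of the Extreme Networks guide: it reads a listing of entered commands and reports whether both steps above were completed and whether client access is restricted. It assumes a security-licensed image so the defaults stated above apply; the access profile name mgmt_hosts and the sample listing are constructed.

```python
import re

# Grammar as printed on the page:
#   enable ssh2 {access-profile [<access_profile> | none] {port <tcp_port_number>}}
ENABLE_RE = re.compile(
    r"^enable\s+ssh2"
    r"(?:\s+access-profile\s+(?P<profile>\S+)(?:\s+port\s+(?P<port>\S+))?)?$"
)
KEY_RE = re.compile(r"^config\s+ssh2\s+key(\s|$)")

# Constructed sample listing; "mgmt_hosts" is a hypothetical access profile name.
SAMPLE = "enable ssh2 access-profile mgmt_hosts port 2222\nconfig ssh2 key\n"


def audit_ssh2(listing):
    """Return (settings, findings) for the SSH2 commands in a command listing."""
    # Start from the defaults the page states: TCP port 22, no client restriction.
    settings = {"profile": None, "port": 22, "key": False}
    findings = []
    for raw in listing.splitlines():
        line = raw.strip()
        if KEY_RE.match(line):
            settings["key"] = True
        elif line.startswith("enable ssh2"):
            m = ENABLE_RE.match(line)
            if m is None:
                findings.append("unparsed enable ssh2 line: " + line)
                continue
            profile, port = m.group("profile"), m.group("port")
            settings["profile"] = None if profile in (None, "none") else profile
            settings["port"] = 22
            if port is not None:
                if port.isdecimal() and 1 <= int(port) <= 65535:
                    settings["port"] = int(port)
                else:
                    findings.append("invalid TCP port: " + port)
    if settings["profile"] is None:
        findings.append("no access profile: any client address may connect")
    if not settings["key"]:
        findings.append("no authentication key: run 'config ssh2 key'")
    return settings, findings


if __name__ == "__main__":
    print(audit_ssh2(SAMPLE))
    print(audit_ssh2("enable ssh2\n"))
```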


Px Series Application Switch Installation and Configuration Guide
