Note:
The switch must be reset for the new certificate to be activated. To reset the
switch, type “reload” at the command prompt:
Console#reload
Configuring the Secure Shell
The Berkeley standard includes remote access tools originally designed for Unix
systems. Some of these tools have also been implemented for Microsoft Windows
and other environments. These tools, including commands such as rlogin (remote
login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
The Secure Shell (SSH) includes server/client applications intended as a secure
replacement for the older Berkeley remote access tools. SSH can also provide
remote management access to this switch as a secure replacement for Telnet.
When the client contacts the switch via the SSH protocol, the switch generates a
public-key that the client uses along with a local user name and password for access
authentication. SSH also encrypts all data transfers passing between the switch and
SSH-enabled management station clients, and ensures that data traveling over the
network arrives unaltered.
Note that you need to install an SSH client on the management station to access the
switch for management via the SSH protocol.
Note:
The switch supports both SSH Version 1.5 and 2.0 clients.
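To check which protocol versions an SSH server advertises (relevant here because the switch accepts both 1.5 and 2.0 clients), the following added example, which is not taken from this manual, parses the identification string a server sends at connect time as defined in RFC 4253. The sample greetings and the `ExampleSwitch_1.0` software name are constructed; the manual does not state what string this switch sends.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: .*)?$")

def parse_ident(greeting: bytes):
    """Return ((major, minor), software) from the bytes a server sends first.
    Servers may send free-text lines before the identification string,
    so scan for the first line that starts with "SSH-"."""
    for line in greeting.decode("ascii", "replace").splitlines():
        m = _IDENT.match(line)
        if m:
            return (int(m.group(1)), int(m.group(2))), m.group(3)
    raise ValueError("no SSH identification string in greeting")

def offered_protocols(version):
    """Map the advertised protoversion to the major protocol versions accepted."""
    if version == (1, 99):     # RFC 4253 section 5.1: SSH-2 server that also accepts SSH-1
        return {1, 2}
    if version[0] in (1, 2):   # e.g. 1.5 is SSH-1 only, 2.0 is SSH-2 only
        return {version[0]}
    raise ValueError(f"unexpected protoversion {version}")

def audit(greeting: bytes):
    """Summarise one greeting: software name and which major versions are offered."""
    version, software = parse_ident(greeting)
    protos = offered_protocols(version)
    return {"software": software, "ssh1": 1 in protos, "ssh2": 2 in protos}

def fetch_greeting(host, port=22, timeout=5.0):
    """Read the greeting from a switch you administer (not called below)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(1024)

# Constructed sample greetings; "ExampleSwitch_1.0" is a made-up software name.
SAMPLES = [
    b"SSH-1.99-ExampleSwitch_1.0\r\n",
    b"SSH-2.0-ExampleSwitch_1.0\r\n",
    b"SSH-1.5-ExampleSwitch_1.0\n",
    b"Authorized use only\r\nSSH-2.0-ExampleSwitch_1.0 mgmt\r\n",
]

if __name__ == "__main__":
    for g in SAMPLES:
        print(audit(g))
```

A greeting that reports `ssh1: True` means the server will still negotiate the older protocol with clients that ask for it.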
Command Usage
The SSH server on this switch supports both password and public key
authentication. If password authentication is specified by the SSH client, then the
password can be authenticated either locally or via a RADIUS or TACACS+ remote
authentication server, as specified on the Authentication Settings page (page 6-2).
If public key authentication is specified by the client, then you must configure
authentication keys on both the client and the switch as described in the following
section. Note that regardless of whether you use public key or password
authentication, you still have to generate authentication keys on the switch (SSH
Host Key Settings) and enable the SSH server (Authentication Settings).
To use the SSH server, complete these steps:
1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host
public/private key pair.
2. Provide Host Public Key to Clients – Many SSH client programs automatically
import the host public key during the initial connection setup with the switch.
Otherwise, you need to manually create a known hosts file on the management


CLI – This example copies the certificate file from the designated TFTP server.
Console#copy tftp https-certificate
TFTP server ip address: <server ip-address>
Source certificate file name: <certificate file name>
Source private file name: <private key file name>
Private password: <password for private key>
User Authentication
