BLADEOS 6.5.2 Application Guide

Generating RSA Host and Server Keys for SSH Access

To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the G8124. The server key is 768 bits and is used to make it impossible to decipher a captured session by breaking into the G8124 at a later time.

When the SSH server is first enabled and applied, the switch automatically generates the RSA host and server keys and stores them in FLASH memory.

To configure RSA host and server keys, first connect to the G8124 through the console port (commands are not available via external Telnet connection), and enter the following commands to generate them manually.

RS G8124(config)# ssh generate-host-key

RS G8124(config)# ssh generate-server-key

When the switch reboots, it will retrieve the host and server keys from the FLASH memory. If these two keys are not available in FLASH memory and the SSH server feature is enabled, the switch automatically generates them during the system reboot. This process may take several minutes to complete.

The switch can also automatically regenerate the RSA server key. To set the interval of RSA server key autogeneration, use this command:

RS G8124(config)# ssh interval <number of hours (0-24)>

A value of 0 (zero) denotes that RSA server key autogeneration is disabled. When greater than 0, the switch will autogenerate the RSA server key every specified interval; however, RSA server key generation is skipped if the switch is busy doing other key or cipher generation when the timer expires.

Note – The switch will perform only one session of key/cipher generation at a time. Thus, an SSH/SCP client will not be able to log in if the switch is performing key generation at that time. Also, key generation will fail if an SSH/SCP client is logging in at that time.
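The interval rules above, as an added Python example (not part of the BLADEOS guide): it checks an ssh interval line found in saved configuration text and models how long one server key can stay in use when regenerations are skipped. The layout of the configuration text, the function names, and the rule that a skipped regeneration waits for the next timer expiry are assumptions.

```python
import re

# Matches the command as the page shows it, with or without the CLI prompt.
_INTERVAL = re.compile(r"\bssh\s+interval\s+(\S+)")

def audit_ssh_interval(config_text):
    """Return (hours, status) for the last 'ssh interval' line in the text.

    status is 'absent', 'invalid', 'disabled' (0) or 'enabled' (1-24).
    """
    result = (None, "absent")
    for line in config_text.splitlines():
        m = _INTERVAL.search(line)
        if not m:
            continue
        raw = m.group(1)
        if not re.fullmatch(r"[0-9]{1,2}", raw) or int(raw) > 24:
            result = (None, "invalid")      # outside the documented 0-24 range
        elif int(raw) == 0:
            result = (0, "disabled")        # 0 turns autogeneration off
        else:
            result = (int(raw), "enabled")
    return result

def longest_key_age(hours, busy_at_expiry):
    """Longest time (hours) one server key stayed in use.

    busy_at_expiry holds one boolean per timer expiry: True means the switch
    was busy with other key/cipher generation, so regeneration was skipped.
    Assumption: a skipped regeneration is not retried before the next expiry.
    Returns None when autogeneration is disabled (the key is never replaced).
    """
    if hours == 0:
        return None
    age = longest = 0
    for busy in busy_at_expiry:
        age += hours
        longest = max(longest, age)
        if not busy:
            age = 0                         # key regenerated at this expiry
    return longest

# Constructed sample input, not captured from a real switch.
SAMPLE_CONFIG = "RS G8124(config)# ssh interval 6\n"
SAMPLE_BUSY = [False, True, True, False]

if __name__ == "__main__":
    hours, status = audit_ssh_interval(SAMPLE_CONFIG)
    print(status, hours, longest_key_age(hours or 0, SAMPLE_BUSY))
```

With a 6-hour interval and two consecutive skipped expiries, the same server key stays in use for 18 hours, three times the configured interval.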

SSH/SCP Integration with RADIUS Authentication

SSH/SCP is integrated with RADIUS authentication. After the RADIUS server is enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified RADIUS servers for authentication. The redirection is transparent to the SSH clients.

60 | Chapter 3: Securing Administration

BMD00220, October 2010


G8124-E, G8124 specifications

The Blade ICE G8124 is a cutting-edge networking solution designed for high-performance data center environments. It has emerged as a popular choice among organizations that require reliable and efficient network infrastructure to support their growing demands for bandwidth and low-latency connectivity.

One of the key features of the Blade ICE G8124 is its high port density. This networking device typically offers 24 ports of 10 Gigabit Ethernet, ensuring that businesses can connect numerous devices without requiring extensive physical space. The design is also scalable, accommodating future expansion as organizational needs grow.

Another significant aspect of the G8124 is its advanced switching capabilities. It utilizes a non-blocking architecture, enabling simultaneous data transmissions on all ports. This characteristic ensures that there is no bottleneck in the network traffic, providing the high performance needed in data-intensive applications.

The G8124 incorporates various technologies to enhance its functionalities. It supports Layer 2 and Layer 3 switching, making it versatile for different networking needs. Additionally, it features comprehensive Quality of Service (QoS) settings that prioritize critical applications, such as VoIP and video streaming, ensuring smooth operation even under heavy loads.

In terms of security, the Blade ICE G8124 provides robust measures to protect the network. It supports features such as Access Control Lists (ACLs), port security, and VLANs, allowing administrators to segment the network and restrict unauthorized access. These security capabilities are vital in today’s landscape, where cyber threats are increasingly common.

Moreover, the G8124 offers excellent management features. It includes an intuitive user interface for easy configuration and monitoring of network performance. SNMP support allows integration with network management systems, providing administrators with insights needed to optimize their operations.

Power efficiency is also a hallmark of the Blade ICE G8124. It employs energy-saving technologies that reduce operational costs, an essential factor for environmentally-conscious organizations striving to minimize their carbon footprint.

In summary, the Blade ICE G8124 stands out with its high port density, advanced switching capabilities, robust security features, and efficient management options. This networking solution is designed to meet the demands of modern data centers, providing the performance, reliability, and scalability that organizations require. With its innovative technologies, the G8124 ensures that businesses can navigate the complexities of today's networking landscape effectively.