Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 12 Configuring Switch-Based Authentication
How to Configure Switch-Based Authentication
Step 4 crypto key generate rsa
Enables the SSH server for local and remote authentication on the switch
and generates an RSA key pair.
We recommend a minimum modulus size of 1024 bits.
When you generate RSA keys, you are prompted to enter a modulus
length. A longer modulus length might be more secure, but it takes longer
to generate and to use.
Step 5 ip ssh version [1 | 2]
(Optional) Configures the switch to run SSH Version 1 or SSH Version 2.
1—Configures the switch to run SSH Version 1.
2—Configures the switch to run SSH Version 2.
If you do not enter this command or do not specify a keyword, the SSH
server selects the latest SSH version supported by the SSH client. For
example, if the SSH client supports SSHv1 and SSHv2, the SSH server
selects SSHv2.
Step 6 ip ssh {timeout seconds | authentication-retries number}
Configures the SSH control parameters.
timeout seconds: Specifies the time-out value in seconds; the default is
120 seconds. The range is 0 to 120 seconds. This parameter applies to the
SSH negotiation phase. After the connection is established, the switch
uses the default time-out values of the CLI-based sessions.
By default, up to five simultaneous, encrypted SSH connections for
multiple CLI-based sessions over the network are available (session 0
to session 4). After the execution shell starts, the CLI-based session
time-out value returns to the default of 10 minutes.
authentication-retries number: Specifies the number of times that a client
can reauthenticate to the server. The default is 3; the range is 0 to 5.
Repeat this step when configuring both parameters.
Step 7 line vty line_number [ending_line_number]
transport input ssh
(Optional) Configures the virtual terminal line settings.
line vty: Enters line configuration mode to configure the virtual terminal
line settings. line_number and ending_line_number specify a pair of
lines. The range is 0 to 15.
transport input ssh: Specifies that the switch prevents non-SSH Telnet
connections. This limits the switch to only SSH connections.
Step 8 end
Returns to privileged EXEC mode.
Step 9 show ip ssh
or
show ssh
show ip ssh: Shows the version and configuration information for your SSH server.
show ssh: Shows the status of the SSH server on the switch.
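An added example (not from the Cisco guide): a Python check that reads a saved running-config and reports whether SSHv2 is pinned (Step 5) and whether every vty line 0 to 15 is limited to SSH (Step 7). The sample config is constructed, audit_ssh is a hypothetical helper name, and treating a vty line with no explicit "transport input ssh" as not SSH-only is an assumption, because the default transport varies by software release.

```python
import re

# Constructed running-config excerpt (not from a real device): SSHv2 is pinned
# and vty 0-4 is SSH-only, but vty 5-15 still accepts Telnet.
SAMPLE_CONFIG = """\
hostname ie2000-lab
ip ssh version 2
ip ssh authentication-retries 3
!
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
!
end
"""

VTY_RANGE = range(0, 16)  # the guide gives 0 to 15 as the vty line range


def audit_ssh(config):
    """Return a list of findings for the settings from Steps 5 and 7."""
    findings = []
    # Step 5: without this command the server follows the client's version,
    # so a client that only speaks SSHv1 would still be served.
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("SSHv2 not pinned (ip ssh version 2 missing)")

    # Step 7: record the transport setting for each individual vty line.
    transports = {}   # vty line number -> list of allowed protocols
    current = []      # vty line numbers of the block being parsed
    for raw in config.splitlines():
        m = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            current = list(range(first, last + 1))
        elif not raw.startswith(" "):
            current = []  # any other top-level line closes the vty block
        elif current and raw.strip().startswith("transport input "):
            for n in current:
                transports[n] = raw.split()[2:]

    # Assumption: a line with no explicit "transport input ssh" is not SSH-only.
    exposed = [n for n in VTY_RANGE if transports.get(n) != ["ssh"]]
    if exposed:
        findings.append("vty lines not SSH-only: " + ",".join(map(str, exposed)))
    return findings
```

On the sample, the only finding is vty 5 to 15: restricting lines 0 to 4 alone leaves the remaining lines reachable over Telnet.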