9-48
Catalyst 3750 SwitchSoftware Configuration Guide
OL-8550-09
Chapter9 Configuring Switch-Based Authenticatio n
Configuring the Switch for Secure Shell
Setting Up the Switch to Run SSH
Follow these steps to set up your switch to run SSH:
1. Download the cryptographic software image from Cisco.com. This step is required. For more
information, see the release notes for this release.
2. Configure a hostname and IP domain name for the switch. Follow this procedure only if you are
configuring the switch as an SSH server.
3. Generate an RSA key pair for the switch, which automatically enables SSH. Follow this procedure
only if you are configuring the switch as an SSH server.
4. Configure user authentication for local or remote access. This step is required. For more
information, see the “Configuring the Switch for Local Authentication and Authorization” section
on page 9-44.
Beginning in privileged EXEC mode, follow these steps to configure a hostname and an IP domain name
and to generate an RSA key pair. This procedure is required if you are configuring the switch as an SSH
server.
To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the
RSA key pair is deleted, the SSH server is automatically disabled.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 hostname hostname Configure a hostname for your switch.
Step3 ip domain-name domain_name Configure a host domain for your switch.
Step4 crypto key generate rsa Enable the SSH server for local and remote authentication on the switch
and generate an RSA key pair.
We recommend that a minimum modulus size of 1024 bits.
When you generate RSA keys, you are prompted to enter a modulus
length. A longer modulus length might be more secure, but it takes longer
to generate and to use.
Step5 end Return to privileged EXEC mode.
Step6 show ip ssh
or
show ssh
Show the version and configuration information for your SSH server.
Show the status of the SSH server on the switch.
Step7 copy running-config startup-config (Optional) Save your entries in the configuration file.