Enhancements in Release F.04.08

Configuring Secure Shell (SSH)

1. Use your SSH client application to create a public/private key pair. Refer to the documentation provided with your SSH client application for details. The Series 2500 switches support the following client-public-key properties:

| Property | Supported Value | Comments |
|---|---|---|
| Key Format | ASCII (no PEM or other encoding) | See figure 33 on page 88. The key must be one unbroken, non-encoded ASCII string. If you add more than one client-public-key to a file, terminate each key (except the last one) with a <CR><LF>. Spaces are allowed within the key to delimit the key’s components. Also, the switch supports only SSH version 1. If your SSH client supports SSHv2, then it may use the PEM format for creating its public key. In this case, you will need a method for converting the switch’s PEM-formatted public key into an ASCII-string equivalent. Note that, unlike the use of the switch’s public key in an SSH client application, the format of a client-public-key used by the switch does not include the client’s IP address. |
| Key Type | RSA only | |
| Maximum Supported Public Key Length | 3072 bits | Shorter key lengths allow faster operation, but also mean diminished security. |
| Maximum Key Size | 1024 characters | Includes the bit size, public index, modulus, any comments, <CR>, <LF>, and all blank spaces. If necessary, you can use an editor application to verify the size of a key. For example, if you place a client-public-key into a Word for Windows text file and then click on File > Properties > Statistics, you can view the number of characters in the file, including spaces. |

2. Copy the client’s public key (in ASCII, non-encoded format) into a text file (filename.txt). (For example, you can use the Notepad editor included with the Microsoft® Windows® software.) If you want several clients to use client public-key authentication, copy a public key for each of these clients (up to ten) into the file. Each key should be separated from the preceding key by a <CR><LF>.

3. Copy the client-public-key file into a TFTP server accessible to the switch.

Copying a client-public-key into the switch requires the following:

- One or more client-generated public keys in non-encoded ASCII format. If you are using an SSHv2 client application, a client may encode its public key in PEM format. To use the client public-key feature, you will need to convert the key to a non-encoded ASCII format. Refer to the documentation provided with your SSH client application.

- A copy of each client public key (up to ten) stored in a single text file on a TFTP server to which the switch has access. (The text file should contain all client public keys for the clients you want to have access to the switch.) Terminate all client public-keys in the file except the last one with a <CR><LF>.
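A pre-upload check of the client-public-key file against the limits listed above (an added example, not part of the HP documentation). It assumes the SSHv1 RSA public-key line layout of decimal bit size, public exponent, modulus and optional comment; the function, constant and sample names are hypothetical.

```python
import re

MAX_KEYS, MAX_BITS, MAX_CHARS = 10, 3072, 1024  # limits stated on this page

def check_key_file(data: bytes) -> list:
    """Return the problems found in a client-public-key file (empty list = OK)."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return ["file contains non-ASCII bytes"]
    entries = text.split("\r\n")
    if entries[-1] == "":  # assumption: a <CR><LF> after the last key is tolerated
        entries.pop()
    if not entries:
        return ["file contains no keys"]
    problems = []
    if len(entries) > MAX_KEYS:
        problems.append(f"{len(entries)} keys in file, limit is {MAX_KEYS}")
    for n, entry in enumerate(entries, 1):
        if "\r" in entry or "\n" in entry:
            problems.append(f"key {n}: line break inside key or bare LF separator")
            continue
        fields = entry.split()
        # SSHv1 RSA public key: decimal bit size, public exponent, modulus, optional comment
        if len(fields) < 3 or not all(re.fullmatch(r"[0-9]+", f) for f in fields[:3]):
            problems.append(f"key {n}: not 'bits exponent modulus [comment]' (PEM/encoded?)")
            continue
        bits, modulus = int(fields[0]), int(fields[2])
        if max(bits, modulus.bit_length()) > MAX_BITS:
            problems.append(f"key {n}: longer than {MAX_BITS} bits")
        if len(entry) + 2 > MAX_CHARS:  # +2 counts the <CR><LF> terminator
            problems.append(f"key {n}: longer than {MAX_CHARS} characters")
    return problems

# Constructed sample: the moduli are arbitrary integers, not real RSA keys.
def sample_key(bits: int, comment: str) -> str:
    return f"{bits} 35 {(1 << (bits - 1)) + 12345} {comment}"

GOOD_FILE = "\r\n".join([sample_key(1024, "admin@station1"),
                         sample_key(2048, "admin@station2")]).encode("ascii")

if __name__ == "__main__":
    print(check_key_file(GOOD_FILE) or "OK")
    print(check_key_file(GOOD_FILE.replace(b"\r\n", b"\n")))  # Unix line endings
```

Run it against the text file before copying it to the TFTP server; a file saved with Unix line endings or containing an SSHv2-style encoded key is reported rather than silently rejected at the switch.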
