Enhancements in Release F.04.08

Configuring Secure Shell (SSH)

The general steps for configuring SSH include:

A. Client Preparation

1. Install an SSH client application on a management station you want to use for access to the switch. (Refer to the documentation provided with your SSH client application.)

2. Optional—If you want the switch to authenticate a client public-key on the client:

a. Either generate a public/private key pair on the client computer or (if your client application allows) import a client key pair that you have generated using another SSH application.

b. Copy the client public key into an ASCII file on a TFTP server accessible to the switch and download the client public key file to the switch. (The client public key file can hold up to 10 client keys.) This topic is covered under “To Create a Client-Public-Key Text File” on page 96.
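
An added example (not from the manual): a pre-flight check for the client public-key file in step A.2.b, run on the management station before the file is placed on the TFTP server. It enforces the two constraints stated above (ASCII file, at most 10 keys) and assumes one key per non-blank line; the function names and the placeholder entries are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for a client public-key file (added example).
# Assumption: one key per non-blank line; the manual page does not show the layout.

MAX_KEYS=10   # the file can hold up to 10 client keys

# Succeeds only if every byte is printable 7-bit ASCII, tab, CR or LF.
is_ascii() {
    [ "$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$1" | wc -c)" -eq 0 ]
}

# Prints the number of non-blank lines, ignoring CRs from DOS line endings.
count_keys() {
    tr -d '\r' < "$1" | awk 'NF { n++ } END { print n + 0 }'
}

# Returns 0 if the file is fit to download to the switch, else 2..5.
check_pubkey_file() {
    f=$1
    if [ ! -r "$f" ]; then
        echo "$f: cannot read file" >&2; return 2
    fi
    if ! is_ascii "$f"; then
        echo "$f: contains non-ASCII bytes" >&2; return 3
    fi
    n=$(count_keys "$f")
    if [ "$n" -lt 1 ]; then
        echo "$f: no keys found" >&2; return 4
    fi
    if [ "$n" -gt "$MAX_KEYS" ]; then
        echo "$f: $n keys, limit is $MAX_KEYS" >&2; return 5
    fi
    echo "$f: $n key(s), ready for the TFTP server"
}

# Constructed sample: two placeholder entries, not real keys.
sample=$(mktemp)
printf '%s\n' 'PLACEHOLDER-KEY-1 admin@station1' '' \
              'PLACEHOLDER-KEY-2 admin@station2' > "$sample"
check_pubkey_file "$sample"
rm -f "$sample"
```
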

B. Switch Preparation

1. Assign a login (Operator) and enable (Manager) password on the switch (page 85).

2. Generate a public/private key pair on the switch (page 85).

You need to do this only once. The key remains in the switch even if you reset the switch to its factory-default configuration. (You can remove or replace this key pair, if necessary.)

3. Copy the switch’s public key to the SSH clients you want to access the switch (page 87).

4. Enable SSH on the switch (page 89).

5. Configure the primary and secondary authentication methods you want the switch to use. In all cases, the switch will use its host-public-key to authenticate itself when initiating an SSH session with a client.

• SSH Login (Operator) options:

  – Option A:
    Primary: Local, TACACS+, or RADIUS password
    Secondary: Local password or none

  – Option B:
    Primary: Client public-key authentication (login rsa — page 95)
    Secondary: Local password or none

  Note that if you want the switch to perform client public-key authentication, you must configure the switch with Option B.

• SSH Enable (Manager) options:

    Primary: Local, TACACS+, or RADIUS
    Secondary: Local password or none
