Enhancements in Release F.04.08

Configuring Secure Shell (SSH)

6. Use your SSH client to access the switch using the switch’s IP address or DNS name (if allowed by your SSH client application). Refer to the documentation provided with the client application.

General Operating Rules and Notes

Any SSH client application you use must offer backward compatibility with SSHv1 keys and operation.

Public keys generated on an SSH client computer must be in ASCII format (used in SSHv1) if you want to be able to authenticate a client to the switch. The switch does not support keys generated in the PEM (base-64 Privacy Enhanced Mode) format. See the Note under “Prerequisite for Using SSH” on page 80.
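A pre-check for the format rule above, added here as an example and not taken from the original manual: it tests whether a client public key file holds only SSHv1 ASCII keys (decimal bits, exponent and modulus, then an optional comment) before the file is copied to the switch. The function names, the one-bit size tolerance and the sample key are assumptions made for illustration; the sample modulus is constructed and is not a real key.

```python
import re

# SSHv1 ASCII public key line: "<bits> <exponent> <modulus> [comment]",
# with all three numbers written in decimal.
SSH1_KEY = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)(?:\s+(.*))?$")
# SSHv2 one-line form: "<algorithm> <base-64 blob> [comment]".
SSH2_KEY = re.compile(r"^(ssh-|ecdsa-)\S+\s+[A-Za-z0-9+/]+=*")

# Constructed sample (an odd 1024-bit number, not a real RSA modulus).
SAMPLE_MODULUS = (1 << 1023) + 24691
SAMPLE_SSH1 = f"1024 35 {SAMPLE_MODULUS} admin@mgmt-station"


def classify_line(line):
    """Classify one non-empty line of a client public key file."""
    if line.startswith("-----BEGIN ") or line.startswith("---- BEGIN "):
        return "armored"  # PEM armor or SSH2 (RFC 4716) armor
    if SSH2_KEY.match(line):
        return "sshv2"
    m = SSH1_KEY.match(line)
    if not m:
        return "unknown"
    bits, exponent, modulus = (int(g) for g in m.groups()[:3])
    # A modulus far shorter than the announced size usually means the line
    # was wrapped or cut during copy/paste. One bit of slack is allowed
    # (assumption) for clients that round the announced size.
    if abs(modulus.bit_length() - bits) > 1 or modulus % 2 == 0 or exponent % 2 == 0:
        return "sshv1-damaged"
    return "sshv1"


def check_key_file(text):
    """Return (ok, findings); ok is True only if every key line is SSHv1 ASCII."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line:
            findings.append((number, classify_line(line)))
    ok = bool(findings) and all(kind == "sshv1" for _, kind in findings)
    return ok, findings
```
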

The switch’s own public/private key pair and the (optional) client public key file are stored in the switch’s flash memory and are not affected by reboots or the erase startup-config command.

Once you generate a key pair on the switch you should avoid re-generating the key pair without a compelling reason. Otherwise, you will have to re-introduce the switch’s public key on all management stations (clients) you previously set up for SSH access to the switch. In some situations this can temporarily allow security breaches.

When stacking is enabled, SSH provides security only between an SSH client and the stack manager. Communication between the stack commander and stack members is not secure.

The switch does not support outbound SSH sessions. Thus, if you Telnet from an SSH-secure switch to another SSH-secure switch, the session is not secure.
