Enhancements in Release F.04.08

Configuring Secure Shell (SSH)

To Generate or Erase the Switch’s Public/Private RSA Host Key Pair. Because the host key pair is stored in flash instead of the running-config file, it is not necessary to use write memory to save the key pair. Erasing the key pair automatically disables SSH.

Syntax:

crypto key generate [rsa]
    Generates a public/private key pair for the switch. If a switch key pair already exists, replaces it with a new key pair. (See the Note, above.)

crypto key zeroize [rsa]
    Erases the switch’s public/private key pair and disables SSH operation.

show ip ssh host-public-key
    Displays switch’s public key as an ASCII string.

    [ babble ]
        Displays a hash of the switch’s public key in phonetic format. (See “Displaying the Public Key” on page 88.)

    [ fingerprint ]
        Displays a “fingerprint” of the switch’s public key in hexadecimal format. (See “Displaying the Public Key” on page 88.)

For example, to generate and display a new key:

Figure 31. Example of Generating a Public/Private Host Key Pair for the Switch (callout: Host Public Key for the Switch)

Notes

"Zeroizing" the switch’s key automatically disables SSH (sets IP SSH to No). Thus, if you zeroize the key and then generate a new key, you must also re-enable SSH with the ip ssh command before the switch can resume SSH operation.
