Configuring Secure Shell (SSH)

General Operating Rules and Notes

General Operating Rules and Notes

Public keys generated on an SSH client must be exportable to the switch. The switch can only store 10 client key pairs.

The switch’s own public/private key pair and the (optional) client public key file are stored in the switch’s flash memory and are not affected by reboots or the erase startup-configcommand.

Once you generate a key pair on the switch you should avoid re- generating the key pair without a compelling reason. Otherwise, you will have to re-introduce the switch’s public key on all management stations (clients) you previously set up for SSH access to the switch. In some situations this can temporarily allow security breaches.

The switch does not support outbound SSH sessions. Thus, if you Telnet from an SSH-secure switch to another SSH-secure switch, the session is not secure.

With SSH running, the switch allows one console session and up to five other sessions (SSH and/or Telnet).

6-8