Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation

Notes

"Zeroizing" the switch’s key automatically disables SSH (sets ip ssh to no). Thus, if you zeroize the key and then generate a new key, you must also re-enable SSH with the ip ssh command before the switch can resume SSH operation.

Configuring Key Lengths

The crypto key generate ssh command allows you to specify the type and length of the generated host key. The size of the host key is platform-dependent as different switches have different amounts of processing power. The size is represented by the <keysize> parameter and has the values shown in Table 6-2. The default value is used if keysize is not specified.

Table 6-2. RSA/DSA Values

Platform    Maximum RSA Key Size (in bits)    DSA Key Size (in bits)
2610        3072                              1024

Default: 1024

3. Providing the Switch’s Public Key to Clients

When an SSH client contacts the switch for the first time, the client will challenge the connection unless you have already copied the key into the client’s "known host" file. Copying the switch’s key in this way reduces the chance that an unauthorized device can pose as the switch to learn your access passwords. The most secure way to acquire the switch’s public key for distribution to clients is to use a direct, serial connection between the switch and a management device (laptop, PC, or UNIX workstation), as described below.

The public key generated by the switch consists of three parts, separated by one blank space each:

Bit Size   Exponent <e>   Modulus <n>

896 35 427199470766077426366625060579924214851527933248752021855126493
2934075407047828604329304580321402733049991670046707698543529734853020
0176777055355544556880992231580238056056245444224389955500310200336191
3610469786020092436232649374294060627777506601747146563337525446401

Figure 6-6. Example of a Public Key Generated by the Switch
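
A key captured from a terminal session usually arrives wrapped across several lines, as in Figure 6-6, and a truncated copy is easy to miss by eye. The following added example (not part of the original manual or the switch software) rejoins the three parts, checks that the modulus really has the declared bit size, and builds a one-line entry for a client. The function names, the placeholder address 192.0.2.10, and the host-prefixed entry layout are assumptions for illustration.

```python
"""Added example: validate a switch public key captured over a serial link."""

# The key from Figure 6-6, wrapped the way a terminal capture delivers it.
CAPTURED_KEY = """\
896 35 427199470766077426366625060579924214851527933248752021855126493
2934075407047828604329304580321402733049991670046707698543529734853020
0176777055355544556880992231580238056056245444224389955500310200336191
3610469786020092436232649374294060627777506601747146563337525446401
"""


def parse_switch_key(text):
    """Return (bits, exponent, modulus) from '<bit size> <e> <n>' text.

    Line wraps inside the modulus are rejoined. Non-digit tokens, or a
    modulus whose actual bit length differs from the declared size, are
    rejected; this catches truncated or hand-edited copies.
    """
    tokens = text.split()
    if len(tokens) < 3 or not all(t.isascii() and t.isdigit() for t in tokens):
        raise ValueError("expected: <bit size> <exponent> <modulus>")
    bits, exponent = int(tokens[0]), int(tokens[1])
    modulus = int("".join(tokens[2:]))
    if modulus.bit_length() != bits:
        raise ValueError(
            f"modulus is {modulus.bit_length()} bits, key declares {bits}")
    # An RSA modulus and public exponent are always odd.
    if modulus % 2 == 0 or exponent % 2 == 0 or exponent < 3:
        raise ValueError("not a plausible RSA public key")
    return bits, exponent, modulus


def known_hosts_line(host, text):
    """Build a single-line entry: host, then the three key parts.

    The host-first layout is an assumption about the client's file format.
    """
    bits, exponent, modulus = parse_switch_key(text)
    return f"{host} {bits} {exponent} {modulus}"


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a placeholder.
    print(known_hosts_line("192.0.2.10", CAPTURED_KEY))
```
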
