Configuring Secure Shell (SSH)

Configuring the Switch for SSH Operation

(The generated public key on the switch is always 896 bits.)

With a direct serial connection from a management station to the switch:

1. Use a terminal application such as HyperTerminal to display the switch’s public key with the show crypto host-public-key command (figure 6-5).

2. Open the SSH client’s "known hosts" file as plain ASCII text in a text editor such as Notepad, and copy the switch’s public key into the file.

3. Ensure that there are no changes or breaks in the text string. (A public key must be an unbroken ASCII string. Line breaks are not allowed. Changes in the line breaks will corrupt the key.) For example, if you are using Windows® Notepad, ensure that Word Wrap (in the Edit menu) is disabled, and that the key text appears on a single line.

Figure 6-7. Example of a Correctly Formatted Public Key

4. Add any data required by your SSH client application. For example, before saving the key to an SSH client’s "known hosts" file, you may have to insert the switch’s IP address:

[Figure callouts: Inserted IP Address, Bit Size, Exponent <e>, Modulus <n>]

Figure 6-8. Example of a Switch Public Key Edited To Include the Switch’s IP Address

For more on this topic, refer to the documentation provided with your SSH client application.
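Steps 3 and 4 can be scripted instead of edited by hand. The following is an added example, not part of the original manual or the switch software: it assumes the pasted key text consists of the three decimal fields in the order shown in Figure 6-8 (bit size, exponent, modulus), and the function names, the IP address and the sample key are constructed for illustration.

```python
import ipaddress

def known_hosts_line(pasted_key: str, switch_ip: str) -> str:
    """Return one unbroken line: IP address, bit size, exponent, modulus."""
    ip = ipaddress.ip_address(switch_ip)      # raises ValueError if malformed
    tokens = pasted_key.split()               # splits on spaces and line breaks
    if len(tokens) < 3:
        raise ValueError("expected bit size, exponent and modulus")
    bits, exponent = tokens[0], tokens[1]
    # A terminal window wraps the long modulus; rejoin the pieces.
    modulus = "".join(tokens[2:])
    fields = (("bit size", bits), ("exponent", exponent), ("modulus", modulus))
    for name, value in fields:
        if not (value.isascii() and value.isdigit()):
            raise ValueError(f"{name} is not a decimal ASCII number")
    # If digits were lost while copying, the modulus no longer has the
    # number of bits announced in the first field.
    if int(modulus).bit_length() != int(bits):
        raise ValueError("modulus length does not match the bit size field")
    return f"{ip} {bits} {exponent} {modulus}"

def constructed_sample(width: int = 60) -> str:
    """Constructed 896-bit test value (not a real key), wrapped like a terminal."""
    text = f"896 35 {(1 << 895) + 1234567}"
    return "\r\n".join(text[i:i + width] for i in range(0, len(text), width))

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a placeholder.
    print(known_hosts_line(constructed_sample(), "192.0.2.10"))
```

The length check catches digits lost during copying but not a digit that was altered, so the resulting line should still be compared against the key the switch displays.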

Displaying the Public Key. The switch provides three options for displaying its public key. This is helpful if you need to visually verify that the public key the switch is using for authenticating itself to a client matches the copy of this key in the client’s "known hosts" file:
