Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
SSH Client Contact Behavior. At the first contact between the switch and an SSH client, if you have not copied the switch’s public key into the client, your client’s first connection to the switch will question the connection and, for security reasons, give you the option of accepting or refusing. As long as you are confident that an unauthorized device is not using the switch’s IP address in an attempt to gain access to your data or network, you can accept the connection. (As a more secure alternative, you can directly connect the client to the switch’s serial port and copy the switch’s public key into the client. See the following Note.)
Note | When an SSH client connects to the switch for the first time, it is possible for |
| a |
| undetected as the switch, and learn the usernames and passwords controlling |
| access to the switch. You can remove this possibility by directly connecting |
| the management station to the switch’s serial port, using a show command to |
| display the switch’s public key, and copying the key from the display into a |
| file. This requires a knowledge of where your client stores public keys, plus |
| the knowledge of what key editing and file format might be required by your |
| client application. However, if your first contact attempt between a client and |
| the switch does not pose a security problem, this is unnecessary. |
|
|
1.Generate a public/private key pair if you have not already done so. (Refer to “2. Generate the Switch’s Public and Private Key Pair” on page
2.Execute the ip ssh command.
To disable SSH on the switch, do either of the following:
■Execute no ip ssh.
■Zeroize the switch’s existing key pair. (page
Syntax: [no] ip ssh
Enables or disables SSH on the switch.
filetransfer
Enable or disable secure file transfer capability.