Configuring and Managing IP Interfaces and Services

Managing SSH

WSS Software supports Secure Shell (SSH) Version 2. SSH provides secure management access to the CLI over the network. SSH requires a valid username and password for access to the switch. When a user enters a valid username and password, SSH establishes a management session and encrypts the session data.

Login Timeouts

When you access the SSH server on a WSS, WSS Software allows you 10 seconds to press Enter for the username prompt. After the username prompt is displayed, WSS Software allows 30 seconds to enter a valid username and password to complete the login. If you do not press Enter or complete the login before the timer expires, WSS Software ends the session. These timers are not configurable.

Session Timeouts

Each SSH session is governed by two timeouts:

Idle timeout—controls how long an open SSH session can remain idle before WSS Software closes the session. The default idle timeout is 30 minutes. You can set the idle timeout to a value from 0 (disabled) to 2,147,483,647 minutes.

Absolute timeout—controls how long an SSH session can remain open, regardless of how active the session is. The absolute timeout is disabled by default. Nortel recommends using the idle timeout to close unused sessions. However, if the idle timeout is disabled, WSS Software changes the default absolute timeout from 0 (disabled) to 60 minutes to prevent an abandoned session from remaining open indefinitely. You can set the absolute timeout to a value from 0 (disabled) to 2,147,483,647 minutes.
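The interaction between the two defaults described above, modeled in Python as an added example (not Nortel code and not part of the guide). The names `effective_timeouts`, `close_reason` and `audit` are hypothetical. Two behaviours are assumptions: an explicitly configured absolute timeout of 0 is kept as set, and a session closes when it reaches exactly the limit.

```python
from dataclasses import dataclass

MAX_MINUTES = 2_147_483_647   # upper bound the guide gives for both timeouts
DEFAULT_IDLE = 30             # guide: default idle timeout, in minutes
FALLBACK_ABSOLUTE = 60        # guide: absolute default once idle is disabled


@dataclass(frozen=True)
class SshTimeouts:
    idle: int       # minutes, 0 = disabled
    absolute: int   # minutes, 0 = disabled


def effective_timeouts(idle=None, absolute=None):
    """Resolve configured values (None = left at default) to effective ones."""
    for name, value in (("idle", idle), ("absolute", absolute)):
        if value is not None and not 0 <= value <= MAX_MINUTES:
            raise ValueError(f"{name} timeout out of range: {value}")
    eff_idle = DEFAULT_IDLE if idle is None else idle
    if absolute is not None:
        eff_abs = absolute            # assumption: an explicit value, even 0, is kept
    else:
        eff_abs = FALLBACK_ABSOLUTE if eff_idle == 0 else 0
    return SshTimeouts(eff_idle, eff_abs)


def close_reason(t, minutes_open, minutes_idle):
    """Return which timeout ends the session, or None if it stays open."""
    if t.absolute and minutes_open >= t.absolute:   # assumption: closes at the limit
        return "absolute"
    if t.idle and minutes_idle >= t.idle:
        return "idle"
    return None


def audit(idle=None, absolute=None):
    """Flag settings under which an unused session is not closed promptly."""
    t = effective_timeouts(idle, absolute)
    if t.idle == 0 and t.absolute == 0:
        return ["both timeouts disabled: an abandoned session never closes"]
    if t.idle == 0:
        return [f"idle timeout disabled: unused sessions stay open up to {t.absolute} min"]
    return []


if __name__ == "__main__":
    for cfg in ({}, {"idle": 0}, {"idle": 0, "absolute": 0}):   # constructed samples
        print(cfg, effective_timeouts(**cfg), audit(**cfg))
```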

Note. To ensure that all CLI management sessions are encrypted, after you configure SSH, disable Telnet.

Enabling SSH

SSH is enabled by default. However, to use SSH, you must generate an SSH authentication key, using the following command:

crypto generate key ssh {1024 | 2048}

To disable or reenable SSH, use the following command:

set ip ssh server {enable | disable}

You must generate an SSH authentication key before you can enable SSH. You need to generate the key only once. The key must be at least 1024 bytes long. The WSS stores the key in nonvolatile storage where the key remains even after software reboots.

To generate a 1024-byte SSH authentication key, type the following command:

23x0# crypto generate key ssh 1024

key pair generated

Nortel WLAN Security Switch 2300 Series Configuration Guide
