Configuring and Managing IP Interfaces and Services

You can verify the key using the following command:

show crypto key ssh

For example:

23x0# show crypto key ssh

ec:6f:56:7f:d1:fd:c0:28:93:ae:a4:f9:7c:f5:13:04

This command displays the checksum (also called a fingerprint) of the public key. When you initially connect to the WSS with an SSH client, you can compare the SSH key checksum displayed by the WSS switch with the one displayed by the client to verify that you really are connected to the WSS and not another device. Generally, SSH clients remember the encryption key after the first connection, so you need to check the key only once.
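The comparison described above, as an added example that is not part of the Nortel manual: it computes the fingerprint of the host key a client received (a known_hosts-style line) and checks it against the value printed by show crypto key ssh. It assumes the 16-byte colon-separated checksum is the legacy MD5 fingerprint of the public key blob, as its format suggests; the function names, key material, address and port are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def parse_host_key(line: str):
    """Split a 'host keytype base64' line into (host, keytype, blob)."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob's first field repeats the key type; a mismatch means a damaged line.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != keytype:
        raise ValueError("key type does not match key blob")
    return host, keytype, blob


def md5_fingerprint(blob: bytes) -> str:
    """Legacy fingerprint: MD5 of the blob as 16 colon-separated hex bytes."""
    digest = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def fingerprint_matches(line: str, shown_on_switch: str) -> bool:
    """True only if the key the client received hashes to the value the switch printed."""
    shown = shown_on_switch.strip().lower()
    if not re.fullmatch(r"([0-9a-f]{2}:){15}[0-9a-f]{2}", shown):
        raise ValueError("expected 16 colon-separated hex bytes")
    return hmac.compare_digest(md5_fingerprint(parse_host_key(line)[2]), shown)


# Constructed sample: a made-up RSA-shaped blob, not a real WSS host key.
SAMPLE_BLOB = (
    ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + bytes(range(128, 256)))
)
# known_hosts writes a non-default port as [host]:port (address and port are constructed).
SAMPLE_LINE = "[192.0.2.10]:2022 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_BLOB))
    print(fingerprint_matches(SAMPLE_LINE, "ec:6f:56:7f:d1:fd:c0:28:93:ae:a4:f9:7c:f5:13:04"))
```

A False result means the key the client received is not the one the switch reports, so the connection should not be trusted until the difference is explained.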

Adding an SSH User

To log in with SSH, a user must supply a valid username and password. To add a username and password to the local database, use the following command:

set user username password password

Optionally, you can also configure WSS Software to authenticate the user either locally or through a RADIUS server. Use the following command:

set authentication admin {user-wildcard} method1 [method2] [method3] [method4]

To add administrative user WSSadmin with password letmein, and use RADIUS server group sg1 to authenticate the user, type the following commands:

23x0# set user WSSadmin password letmein

success: User WSSadmin created

23x0# set authentication admin WSSadmin sg1

success: change accepted

(For more information, see “Adding and Clearing Local Users for Administrative Access” on page 63.)

Changing the SSH Service Port Number

To change the SSH port the WSS listens on for SSH connections, use the following command:

set ip ssh port port-num

Caution! If you change the SSH port number from an SSH session, WSS Software immediately ends the session. To open a new management session, you must configure the SSH client to use the new SSH port number.

320657-A
