Managing Ssh - Nortel 2300 Series Configuration Manual
Wlan security switch
Hide thumbs
Also See for 2300 Series:
- Reference (622 pages) ,
- Configuration manual (39 pages) ,
- Solution manual (108 pages)
Table of Contents
Advertisement
Managing SSH
WSS Software supports Secure Shell (SSH) Version 2. SSH provides secure management access to the CLI
over the network. SSH requires a valid username and password for access to the switch. When a user enters a
valid username and password, SSH establishes a management session and encrypts the session data.
Login Timeouts
When you access the SSH server on a WSS, WSS Software allows you 10 seconds to press Enter for the
username prompt. After the username prompt is displayed, WSS Software allows 30 seconds to enter a valid
username and password to complete the login. If you do not press Enter or complete the login before the timer
expires, WSS Software ends the session. These timers are not configurable.
Session Timeouts
Each SSH session is governed by two timeouts:
•
Idle timeout—controls how long an open SSH session can remain idle before WSS Software closes the
session. The default idle timeout is 30 minutes. You can set the idle timeout to a value from 0 (disabled)
to 2,147,483,647 minutes.
•
Absolute timeout—controls how long an SSH session can remain open, regardless of how active the
session is. The absolute timeout is disabled by default. Nortel recommends using the idle timeout to close
unused sessions. However, if the idle timeout is disabled, WSS Software changes the default absolute
timeout from 0 (disabled) to 60 minutes to prevent an abandoned session from remaining open
indefinitely. You can set the absolute timeout to a value from 0 (disabled) to 2,147,483,647 minutes.
Note.
To ensure that all CLI management sessions are encrypted, after you configure
SSH, disable Telnet.
Enabling SSH
SSH is enabled by default. However, to use SSH, you must generate an SSH authentication key, using the
following command:
crypto generate key ssh {
To disable or reenable SSH, use the following command:
set ip ssh server {enable | disable}
You must generate an SSH authentication key before you can enable SSH. You need to generate the key only
once. The key must be at least 1024 bytes long. The WSS stores the key in nonvolatile storage where the key
remains even after software reboots.
To generate a 1024-byte SSH authentication key, type the following command:
23x0# crypto generate key ssh 1024
key pair generated
Configuring and Managing IP Interfaces and Services 123
1024 | 2048
}
Nortel WLAN Security Switch 2300 Series Configuration Guide
Advertisement
Table of Contents
