Table of Contents
Advertisement
Chapter 5
Configuring the Management Interface and Security
Key Management
Each SSH server should define a set of keys (DSA2, RSA2 and RSA1) to be used when communicating
with various clients. The key sets are pairs of public and private keys. The server publishes the public
key while keeping the private key in non-volatile memory, never transmitting it to SSH clients. Note that
the keys are kept on the tffs0 file system, which means that a person with knowledge of the 'enable'
password can access both the private and public keys. The SSH server implementation provides
protection against eavesdroppers who can monitor the management communication channels of the SCE
platform, but it does not provide protection against a user with knowledge of the 'enable' password.
Key management is performed by the user via a special CLI command. A set of keys must be generated
at least once before enabling the SSH server.
Size of the encryption key is always 2048 bits.
Managing the SSH Server
Use these commands to manage the SSH server. These commands do the following:
•
•
•
•
•
How to Generate a Set of SSH Keys
Remember that you must generate a set of SSH keys before you enable the SSH server.
From the SCE(config)# prompt, type ip ssh key generate and press Enter.
Step 1
Generates a new SSH key set and immediately saves it to non-volatile memory. (Key set is not part of
the configuration file). Key size is always 2048 bits.
How to Enable the SSH Server
Step 1
From the SCE(config)# prompt, type ip ssh and press Enter.
How to Disable the SSH Server
Step 1
From the SCE(config)# prompt, type no ip ssh and press Enter.
OL-7827-12
Generate an SSH key set
Enable/disable the SSH server
Enable/disable SSHv1. (Disabling SSHv1 allows you to run SSHv2 only.)
Assign/remove an ACL to the SSH server
Delete existing SSH keys
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
Configuring the Available Interfaces
5-31
Advertisement
Table of Contents
