Chapter 18
Configuring Switch Security
Enabling SSH Service
By default, the SSH service is disabled.
Generating an SSH Host Key Pair
Be sure to have an SSH host key pair with the appropriate version before enabling the SSH service. The
SSH service accepts three types of key pairs for use by SSH versions 1 and 2. Generate the SSH host key
pair according to the SSH client version used. The number of bits specified for each key pair ranges from
768 to 2048.
• The rsa1 option generates the RSA1 key pair for the SSH version 1 protocol.
• The dsa option generates the DSA key pair for the SSH version 2 protocol.
• The rsa option generates the RSA key pair for the SSH version 2 protocol.
Using the force Option
If the SSH key pair option is already generated for the required version, use the force option to overwrite
the previously generated key pair.
About SNMP Security
SNMP is an application layer protocol that facilitates the exchange of management information between
network devices. In all Cisco MDS 9000 Family switches, three SNMP versions are available: SNMPv1,
SNMPv2c, and SNMPv3. (See Figure 18-2.)
Figure 18-2 SNMP Security
[Figure labels: Switch 1; SNMP request; GET or SET SNMP commands; SNMP response (response depends on successful authentication); SNMP v1 or v2c (network operator level); SNMP v3 (network administrator level)]
Users and roles configured through the CLI are different from users and roles configured through SNMP.
These configurations do not directly correspond with each other. However, you can configure both CLI
and SNMP identically, if required. See the "Creating Common Roles" section on page 18-18 for
additional information.
SNMP users are different from CLI users. SNMP users also have role-based authentication for roles and
authorization purposes.
Cisco MDS 9000 Fabric Manager Switch Configuration Guide, OL-7753-01