Extreme Networks ExtremeWare XOS Guide Manual page 336

Security
Because SSH2 is currently under U.S. export restrictions, you must first obtain and install the ssh.xmod
software module from Extreme Networks before you can enable SSH2.
You must enable SSH2 on the switch before you can connect to the switch using an external SSH2 client.
Enabling SSH2 involves two steps:
Generating or specifying an authentication key for the SSH2 sessions.
●
Enabling SSH2 access by specifying a TCP port to be used for communication and specifying on
●
which virtual router SSH2 is enabled.
Once enabled, by default, SSH2 uses TCP port 22 and is available on all virtual routers.
An authentication key must be generated before the switch can accept incoming SSH2 sessions. This can
be done automatically by the switch, or you can enter a previously generated key. To have the key
generated by the switch, use the following command:
configure ssh2 key
The key generation process can take up to ten minutes. Once the key has been generated, you should
save your configuration to preserve the key.
To use a key that has been previously created, use the following command:
configure ssh2 key {pregenerated}
You are prompted to enter the pregenerated key.
NOTE
The pregenerated key must be one that was generated by the switch. To get such key, you can use the command
show configuration exsshd to display the key on the console. Copy the key to a text editor and remove the carriage
return/line feeds from the key. Finally, copy and paste the key into the command line. The key must be entered as
one line.
The key generation process generates the SSH2 private host key. The SSH2 public host key is derived
from the private host key and is automatically transmitted to the SSH2 client at the beginning of an
SSH2 session.
To enable SSH2, use the following command:
enable ssh2 {access-profile [<access_profile> | none]} {port <tcp_port_number>} {vr
[<vr_name> | all | default]}
You can also specify a TCP port number to be used for SSH2 communication. By default the TCP port
number is 22. Beginning with ExtremeWare XOS 11.2, the switch accepts IPv6 connections.
Before you initiate a session from an SSH2 client, ensure that the client is configured for any non-default
access list or TCP port information that you have configured on the switch. Once these tasks are
accomplished, you may establish an SSH2-encrypted session with the switch. Clients must have a valid
user name and password on the switch in order to log in to the switch after the SSH2 session has been
established.
To view the status of SSH2 sessions on the switch, use the
command displays information about the switch including the enable/disable state for
management
SSH2 sessions and whether a valid key is present.
336
command. The
show management
ExtremeWare XOS 11.3 Concepts Guide
show