Destroying a local RSA key pair ································································································································ 165

Deleting a certificate ···················································································································································· 166

Configuring an access control policy ························································································································ 166

Displaying and maintaining PKI ································································································································· 166

PKI configuration examples ········································································································································· 167

Certificate request from an RSA Keon CA server ···························································································· 167

Certificate request from a Windows 2003 CA server ···················································································· 170

Certificate attribute access control policy configuration example ································································· 173

Troubleshooting PKI ····················································································································································· 175

Failed to retrieve a CA certificate ······················································································································ 175

Failed to request a local certificate ··················································································································· 175

Failed to retrieve CRLs ········································································································································ 176

Configuring SSH2.0 ··············································································································································· 177

Overview ······································································································································································· 177

SSH operation ····················································································································································· 177

SSH connection across VPNs ····························································································································· 179

Configuring the switch as an SSH server ·················································································································· 180

SSH server configuration task list ······················································································································ 180

Generating DSA or RSA key pairs ···················································································································· 180

Enabling the SSH server function ······················································································································· 181

Configuring the user interfaces for SSH clients ································································································ 181

Configuring a client public key ·························································································································· 182

Configuring an SSH user ···································································································································· 183

Setting the SSH management parameters ········································································································ 184

Setting the DSCP value for packets sent by the SSH server ············································································ 185

Configuring the switch as an SSH client ··················································································································· 185

SSH client configuration task list ························································································································ 185

Specifying a source IP address/interface for the SSH client ·········································································· 185

Configuring whether first-time authentication is supported ············································································· 186

Establishing a connection between the SSH client and server ······································································· 187

Setting the DSCP value for packets sent by the SSH client ············································································· 187

Displaying and maintaining SSH ······························································································································· 188

SSH server configuration examples ··························································································································· 188

When the switch acts as a server for password authentication ····································································· 188

When the switch acts as a server for publickey authentication ····································································· 190

SSH client configuration examples ····························································································································· 195

When switch acts as client for password authentication ················································································ 195

When switch acts as client for publickey authentication ················································································ 198

Configuring SFTP ····················································································································································· 201

Configuring the switch as an SFTP server ················································································································· 201

Enabling the SFTP server ···································································································································· 201

Configuring the SFTP connection idle timeout period ····················································································· 201

Configuring the switch as an SFTP client ··················································································································· 202

Specifying a source IP address or interface for the SFTP client ······································································ 202

Establishing a connection to the SFTP server ···································································································· 202

Working with SFTP directories ··························································································································· 203

Working with SFTP files ······································································································································ 204

Displaying help information ······························································································································· 204

Terminating the connection to the remote SFTP server ···················································································· 205

Setting the DSCP value for packets sent by the SFTP client ············································································ 205

SFTP client configuration example ····························································································································· 205