Removing The Rsa Host Keys And Zeroizing Storage - Dell S6000–ON Configuration Manual
Hide thumbs
Also See for S6000–ON:
- Getting started manual (26 pages) ,
- Troubleshooting manual (29 pages) ,
- Installation manual (41 pages)
Table of Contents
Advertisement
EXEC Privilege Mode
5.
On the chassis, invoke SCP.
CONFIGURATION mode
copy scp: flash:
Example of Using SCP to Copy from an SSH Server on Another Switch
The following example shows the use of SCP and SSH to copy a software image from one switch running
SSH server on UDP port 99 to the local switch.
Other SSH related command include:
•
crypto key generate : generate keys for the SSH server.
•
debug ip ssh : enables collecting SSH debug information.
•
ip scp topdir : identify a location for files used in secure copy transfer.
•
ip ssh authentication-retries : configure the maximum number of attempts that should be
used to authenticate a user.
•
ip ssh connection-rate-limit : configure the maximum number of incoming SSH connections
per minute.
•
ip ssh hostbased-authentication enable : enable host-based authentication for the SSHv2
server.
•
ip ssh key-size : configure the size of the server-generated RSA SSHv1 key.
•
ip ssh password-authentication enable : enable password authentication for the SSH server.
•
ip ssh pub-key-file : specify the file the host-based authentication uses.
•
ip ssh rhostsfile : specify the rhost file the host-based authorization uses.
•
ip ssh rsa-authentication enable : enable RSA authentication for the SSHv2 server.
•
ip ssh rsa-authentication : add keys for the RSA authentication.
•
show crypto : display the public part of the SSH host-keys.
•
show ip ssh client-pub-keys : display the client public keys used in host-based authentication.
•
show ip ssh rsa-authentication : display the authorized-keys for the RSA authentication.
Dell#copy scp: flash:
Address or name of remote host []: 10.10.10.1
Port number of the server [22]: 99
Source file name []: test.cfg
User name to login remote host: admin
Password to login remote host:
Removing the RSA Host Keys and Zeroizing Storage
Use the crypto key zeroize rsa command to delete the host key pairs, both the public and private
key information for RSA 1 and or RSA 2 types. Note that when FIPS mode is enabled there is no RSA 1 key
pair. Any memory currently holding these keys is zeroized (written over with zeroes) and the NVRAM
location where the keys are stored for persistence across reboots is also zeroized.
To remove the generated RSA host keys and zeroize the key storage location, use the crypto key
zeroize rsa command in CONFIGURATION mode.
Dell(conf)#crypto key zeroize rsa
Security
791
Advertisement
Table of Contents
Troubleshooting
