To Load Switch Configuration Files from the SCP Host
SSH and SCP Encryption of Management Messages
Generating RSA Host Key for SSH Access
© Copyright Lenovo 2015
Example:
>> scp scpadmin@205.178.15.157:getimg1 6.1.0_os.img
Syntax:
>> scp [4|6] <local filename> <username>@<switch IP address>:putimg1
>> scp [4|6] <local filename> <username>@<switch IP address>:putimg2
>> scp [4|6] <local filename> <username>@<switch IP address>:putboot
Example:
>> scp 6.1.0_os.img scpadmin@205.178.15.157:putimg1
The following encryption and authentication methods are supported for SSH and
SCP:
Server Host Authentication: Client RSA authenticates the switch at the
Key Exchange:
Encryption:
User Authentication:
To support the SSH server feature, an RSA host key is required. The host key is
2048 bits and is used to identify the CN4093.
When the SSH server is first enabled and applied, the switch automatically
generates the RSA host key and stores it in FLASH memory.
To configure RSA host key, first connect to the CN4093 through the console port
(commands are not available via external Telnet connection), and enter the
following command to generate it manually.
CN4093(config)# ssh generatehostkey (Generates the host key)
When the switch reboots, it will retrieve the host key from the FLASH memory.
Note: The switch will perform only one session of key/cipher generation at a time.
Thus, an SSH/SCP client will not be able to log in if the switch is performing key
generation at that time. Also, key generation will fail if an SSH/SCP client is logging
in at that time.
beginning of every connection
RSA
3DES‐CBC, DES
Local password authentication, RADIUS
Chapter 5: Securing Administration
69