SSH and SCP Encryption of Management Messages; Generating RSA Host Key for SSH Access - IBM RackSwitch G8000 Application Manual

A top-of-rack (tor) switch

SSH and SCP Encryption of Management Messages

Generating RSA Host Key for SSH Access

RackSwitch G8000: Application Guide
To Copy the Switch Image and Boot Files to the SCP Host

Syntax:
>> scp [-4|-6] <username>@<switch IP address>:getimg1 <local filename>
>> scp [-4|-6] <username>@<switch IP address>:getimg2 <local filename>
>> scp [-4|-6] <username>@<switch IP address>:getboot <local filename>

Example:
>> scp scpadmin@205.178.15.157:getimg1 6.1.0_os.img

To Load Switch Configuration Files from the SCP Host

Syntax:
>> scp [-4|-6] <local filename> <username>@<switch IP address>:putimg1
>> scp [-4|-6] <local filename> <username>@<switch IP address>:putimg2
>> scp [-4|-6] <local filename> <username>@<switch IP address>:putboot

Example:
>> scp 6.1.0_os.img scpadmin@205.178.15.157:putimg1

The following encryption and authentication methods are supported for SSH and SCP:

- Server Host Authentication: Client RSA authenticates the switch at the beginning of every connection
- Key Exchange: RSA
- Encryption: 3DES-CBC, DES
- User Authentication: Local password authentication, RADIUS, SecurID (via RADIUS or TACACS+ for SSH only; does not apply to SCP)

To support the SSH host feature, an RSA host key is required. The host key is 1024 bits and is used to identify the G8000.

To configure the RSA host key, first connect to the G8000 through the console port (the commands are not available via an external Telnet connection), and enter the following command to generate it manually:

RS G8000(config)# ssh generate-host-key

When the switch reboots, it will retrieve the host key from the FLASH memory.

Note: The switch will perform only one session of key/cipher generation at a time. Thus, an SSH/SCP client will not be able to log in if the switch is performing key generation at that time. Also, key generation will fail if an SSH/SCP client is logging in at that time.
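
An added example, not from the IBM manual: because the client authenticates the switch by its RSA host key, an administrator can record that key's size and SHA256 fingerprint from a line in `ssh-keyscan`/known_hosts form and compare them on later connections. The 2048-bit audit threshold, the function names and the sample line (a made-up modulus and the documentation address 192.0.2.10) are assumptions.

```python
import base64, hashlib, struct

MIN_RSA_BITS = 2048  # assumed audit threshold, not a value from the manual

def _read_string(blob, off):
    """Read one RFC 4253 length-prefixed string; return (bytes, new offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def audit_host_key(line):
    """Audit one 'host ssh-rsa BASE64' line (ssh-keyscan / known_hosts form)."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    name, off = _read_string(blob, 0)
    if keytype != "ssh-rsa" or name != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _e, off = _read_string(blob, off)   # public exponent (mpint)
    n, off = _read_string(blob, off)    # modulus (mpint)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    bits = int.from_bytes(n, "big").bit_length()
    # OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"host": host, "bits": bits, "fingerprint": "SHA256:" + fp,
            "weak": bits < MIN_RSA_BITS}

def _mpint(value):
    """Encode a positive integer as an SSH mpint (leading 0x00 if top bit set)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def constructed_sample_line(host="192.0.2.10", bits=1024):
    """Constructed sample: the modulus is a made-up odd number of the right
    size, not a real key and not taken from any switch."""
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    print(audit_host_key(constructed_sample_line()))
```

The fingerprint recorded at the console right after key generation is the value to compare against what a client sees on its first SSH or SCP connection.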
