Configuring The Secure Shell - Edge-Core ECS4810-12M Layer 2 Management Manual

| Security Measures
C 13
HAPTER

Configuring the Secure Shell

C S
ONFIGURING THE
S
ECURE HELL
The Berkeley-standard includes remote access tools originally designed for
Unix systems. Some of these tools have also been implemented for
Microsoft Windows and other environments. These tools, including
commands such as rlogin (remote login), rsh (remote shell), and rcp
(remote copy), are not secure from hostile attacks.
Secure Shell (SSH) includes server/client applications intended as a secure
replacement for the older Berkeley remote access tools. SSH can also
provide remote management access to this switch as a secure replacement
for Telnet. When the client contacts the switch via the SSH protocol, the
switch generates a public-key that the client uses along with a local user
name and password for access authentication. SSH also encrypts all data
transfers passing between the switch and SSH-enabled management
station clients, and ensures that data traveling over the network arrives
unaltered.
You need to install an SSH client on the management station to
N :
OTE
access the switch for management via the SSH protocol.
The switch supports both SSH Version 1.5 and 2.0 clients.
N :
OTE
C U
OMMAND SAGE
The SSH server on this switch supports both password and public key
authentication. If password authentication is specified by the SSH client,
then the password can be authenticated either locally or via a RADIUS or
TACACS+ remote authentication server, as specified on the System
Authentication page (page
the client, then you must configure authentication keys on both the client
and the switch as described in the following section. Note that regardless of
whether you use public key or password authentication, you still have to
generate authentication keys on the switch (SSH Host Key Settings) and
enable the SSH server (Authentication Settings).
To use the SSH server, complete these steps:
Generate a Host Key Pair – On the SSH Host Key Settings page, create
1.
a host public/private key pair.
Provide Host Public Key to Clients – Many SSH client programs
2.
automatically import the host public key during the initial connection
setup with the switch. Otherwise, you need to manually create a known
hosts file on the management station and place the host public key in
it. An entry for a public key in the known hosts file would appear similar
to the following example:
10.1.0.54 1024 35
15684995401867669259333946775054617325313674890836547254
15020245593199868544358361651999923329781766065830956
10825913212890233 76546801726272571413428762941301196195566782
59566410486957427888146206519417467729848654686157177393901647
– 348 –
315). If public key authentication is specified by