Restrictions For Configuring Secure Shell - Cisco Catalyst 2960 series Configuration Manual

Restrictions for Configuring Secure Shell

• Before enabling SCP, you must correctly configure SSH, authentication, and authorization on the switch.
• Because SCP relies on SSH for its secure transport, the router must have an Rivest, Shamir, and Adelman
• SCP relies on SSH for security.
• SCP requires that authentication, authorization, and accounting (AAA) authorization be configured so
• A user must have appropriate authorization to use SCP.
• A user who has appropriate authorization can use SCP to copy any file in the Cisco IOS File System
• The Secure Shell (SSH) server requires an IPsec (Data Encryption Standard [DES] or 3DES) encryption
• Configure a hostname and host domain for your device by using the hostname and ip domain-name
Restrictions for Configuring Secure Shell
The following are restrictions for configuring the Switch for secure shell.
• The switch supports Rivest, Shamir, and Adelman (RSA) authentication.
• SSH supports only the execution-shell application.
• The SSH server and the SSH client are supported only on Data Encryption Standard (DES) (56-bit) and
• The Switch supports the Advanced Encryption Standard (AES) encryption algorithm with a 128-bit key,
• This software release does not support IP Security (IPSec).
• When using SCP, you cannot enter the password into the copy command. You must enter the password
• The login banner is not supported in Secure Shell Version 1. It is supported in Secure Shell Version 2.
• The -l keyword and userid :{number} {ip-address} delimiter and arguments are mandatory when
Information about SSH
Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH provides more
security for remote connections than Telnet does by providing strong encryption when a device is authenticated.
This software release supports SSH Version 1 (SSHv1) and SSH Version 2 (SSHv2).
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1070
(RSA) key pair.
the router can determine whether the user has the correct privilege level.
(IFS) to and from a switch by using the copy command. An authorized administrator can also do this
from a workstation.
software image; the SSH client requires an IPsec (DES or 3DES) encryption software image.)
commands in global configuration mode.
3DES (168-bit) data encryption software. In DES software images, DES is the only encryption algorithm
available. In 3DES software images, both DES and 3DES encryption algorithms are available.
192-bit key, or 256-bit key. However, symmetric cipher AES to encrypt the keys is not supported.
when prompted.
configuring the alternative method of Reverse SSH for console access.