Ssh And Switch Access - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
SSH and Switch Access
Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH provides more
security for remote connections than Telnet does by providing strong encryption when a device is authenticated.
This software release supports SSH Version 1 (SSHv1) and SSH Version 2 (SSHv2).
SSH functions the same in IPv6 as in IPv4. For IPv6, SSH supports IPv6 addresses and enables secure,
encrypted connections with remote IPv6 nodes over an IPv6 transport.
SSH Servers, Integrated Clients, and Supported Versions
The Secure Shell (SSH) Integrated Client feature is an application that runs over the SSH protocol to provide
device authentication and encryption. The SSH client enables a Cisco device to make a secure, encrypted
connection to another Cisco device or to any other device running the SSH server. This connection provides
functionality similar to that of an outbound Telnet connection except that the connection is encrypted. With
authentication and encryption, the SSH client allows for secure communication over an unsecured network.
The SSH server and SSH integrated client are applications that run on the switch. The SSH server works with
the SSH client supported in this release and with non-Cisco SSH clients. The SSH client works with publicly
and commercially available SSH servers. The SSH client supports the ciphers of Data Encryption Standard
(DES), 3DES, and password authentication.
The switch supports an SSHv1 or an SSHv2 server.
The switch supports an SSHv1 client.
The SSH client functionality is available only when the SSH server is enabled.
Note
User authentication is performed like that in the Telnet session to the device. SSH also supports the following
user authentication methods:
• TACACS+
• RADIUS
• Local authentication and authorization
RSA Authentication Support
Rivest, Shamir, and Adleman (RSA) authentication available in Secure Shell (SSH) clients is not supported
on the SSH server for Cisco software by default.
SSL Configuration Guidelines
When SSL is used in a switch cluster, the SSL session terminates at the cluster commander. Cluster member
switches must run standard HTTP.
Before you configure a CA trustpoint, you should ensure that the system clock is set. If the clock is not set,
the certificate is rejected due to an incorrect date.
In a switch stack, the SSL session terminates at the stack master.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Information about SSH
1071
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
