Configuring The Ssh Server - Cisco Catalyst 3550 series Software Configuration Manual
Multilayer switch
Hide thumbs
Also See for Catalyst 3550 series:
- Reference manual (58 pages) ,
- Datasheet (21 pages) ,
- Manual (19 pages)
Table of Contents
Advertisement
Configuring the Switch for Secure Shell
Command
Step 4
crypto key generate rsa
Step 5
end
Step 6
show ip ssh
or
show ssh
Step 7
copy running-config startup-config
To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the
RSA key pair is deleted, the SSH server is automatically disabled.
Configuring the SSH Server
Beginning in privileged EXEC mode, follow these steps to configure the SSH server:
Command
Step 1
configure terminal
Step 2
ip ssh version [1 | 2]
Step 3
ip ssh {timeout seconds |
authentication-retries number}
Step 4
end
Catalyst 3550 Multilayer Switch Software Configuration Guide
8-40
Purpose
Enable the SSH server for local and remote authentication on the switch
and generate an RSA key pair.
We recommend that a minimum modulus size of 1024 bits.
When you generate RSA keys, you are prompted to enter a modulus
length. A longer modulus length might be more secure, but it takes longer
to generate and to use.
Return to privileged EXEC mode.
Show the version and configuration information for your SSH server.
Show the status of the SSH server on the switch.
(Optional) Save your entries in the configuration file.
Purpose
Enter global configuration mode.
(Optional) Configure the switch to run SSH version 1 or SSH version 2.
•
1—Configure the switch to run SSH version 1.
2—Configure the switch to run SSH version 2.
•
If you do not enter this command or do not specify a keyword, the SSH
server selects the latest SSH version supported by the SSH client. For
example, if the SSH client sports SSHv1 and SSHv2, the SSH server
selects SSHv2.
Configure the SSH control parameters:
Specify the time-out value in seconds; the default is 120 seconds. The
•
range is 0 to 120 seconds. This parameter applies to the SSH
negotiation phase. After the connection is established, the switch uses
the default time-out values of the CLI-based sessions.
By default, up to five simultaneous, encrypted SSH connections for
multiple CLI-based sessions over the network are available (session 0
to session 4). After the execution shell starts, the CLI-based session
time-out value returns to the default of 10 minutes.
Specify the number of times that a client can re-authenticate to the
•
server. The default is 3; the range is 0 to 5.
Repeat this step when configuring both parameters.
Return to privileged EXEC mode.
Chapter 8
Configuring Switch-Based Authentication
78-11194-09
Advertisement
Table of Contents
Troubleshooting
