Ssh And Switch Access; Ssh Servers, Integrated Clients, And Supported Versions; Ssh Configuration Guidelines - Cisco Catalyst 2960-X Security Configuration Manual
Cisco ios release 15.0(2)ex
Hide thumbs
Also See for Catalyst 2960-X:
- Command reference manual (135 pages) ,
- Hardware installation manual (34 pages) ,
- Getting started manual (25 pages)
Table of Contents
Advertisement
Configuring Secure Shell (SSH)
SSH and Switch Access
Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH provides more
security for remote connections than Telnet does by providing strong encryption when a device is authenticated.
This software release supports SSH Version 1 (SSHv1) and SSH Version 2 (SSHv2).
SSH functions the same in IPv6 as in IPv4. For IPv6, SSH supports IPv6 addresses and enables secure,
encrypted connections with remote IPv6 nodes over an IPv6 transport.
SSH Servers, Integrated Clients, and Supported Versions
The Secure Shell (SSH) Integrated Client feature is an application that runs over the SSH protocol to provide
device authentication and encryption. The SSH client enables a Cisco device to make a secure, encrypted
connection to another Cisco device or to any other device running the SSH server. This connection provides
functionality similar to that of an outbound Telnet connection except that the connection is encrypted. With
authentication and encryption, the SSH client allows for secure communication over an unsecured network.
The SSH server and SSH integrated client are applications that run on the switch. The SSH server works with
the SSH client supported in this release and with non-Cisco SSH clients. The SSH client works with publicly
and commercially available SSH servers. The SSH client supports the ciphers of Data Encryption Standard
(DES), 3DES, and password authentication.
The switch supports an SSHv1 or an SSHv2 server.
The switch supports an SSHv1 client.
The SSH client functionality is available only when the SSH server is enabled.
Note
User authentication is performed like that in the Telnet session to the device. SSH also supports the following
user authentication methods:
• TACACS+
• RADIUS
• Local authentication and authorization
Related Topics
Configuring the Switch for Local Authentication and Authorization, on page 107
TACACS+ and Switch Access, on page 41
RADIUS and Switch Access, on page 59
SSH Configuration Guidelines
Follow these guidelines when configuring the switch as an SSH server or SSH client:
• An RSA key pair generated by a SSHv1 server can be used by an SSHv2 server, and the reverse.
• If the SSH server is running on a stack master and the stack master fails, the new stack master uses the
OL-29048-01
RSA key pair generated by the previous stack master.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
SSH and Switch Access
115
Hide quick links:
Advertisement
Table of Contents
