Configuring SSH and Telnet
You can configure SSH authentication using X.509v3 certificates (RFC 6187). X.509v3 certificate-based
SSH authentication uses certificates combined with a smartcard to enable two-factor authentication for Cisco
device access. The SSH client is provided by Cisco partner Pragma Systems.
Telnet Server
The Telnet protocol enables TCP/IP connections to a host. Telnet allows a user at one site to establish a TCP
connection to a login server at another site and then passes the keystrokes from one device to the other. Telnet
can accept either an IP address or a domain name as the remote device address.
The Telnet server is disabled by default on the Cisco NX-OS device.
Licensing Requirements for SSH and Telnet
The following table shows the licensing requirements for this feature:
Product
Cisco
NX-OS
Prerequisites for SSH and Telnet
Make sure that you have configured IP on a Layer 3 interface, out-of-band on the mgmt 0 interface, or inband
on an Ethernet interface.
Guidelines and Limitations for SSH and Telnet
SSH and Telnet have the following configuration guidelines and limitations:
• The Cisco NX-OS software supports only SSH version 2 (SSHv2).
• Due to a Poodle vulnerability, SSLv3 is no longer supported.
• IPSG is not supported on the following:
• You can configure your device for SSH authentication using an X.509 certificate. If the authentication
• The SFTP server feature does not support the regular SFTP chown and chgrp commands.
• When the SFTP server is enabled, only the admin user can use SFTP to access the device.
License Requirement
SSH and Telnet require no license. Any feature not included in a license package is bundled
with the nx-os image and is provided at no extra charge to you. For an explanation of the
Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
• The last six 40-Gb physical ports on the Cisco Nexus 9372PX, 9372TX, and 9332PQ switches
• All 40G physical ports on the Cisco Nexus 9396PX, 9396TX, and 93128TX switches
fails, you are prompted for a password.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Telnet Server
129