Cisco Nexus 9000 Series Configuration Manual page 157

Configuring SSH and Telnet
8. show run security all
9. (Optional) copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
switch# configure terminal
switch(config)#
Step 2 no feature ssh
Example:
switch(config)# no feature ssh
Step 3 ssh key {dsa [force] | rsa [bits[force]] | ecdsa [bits [
force]]}
Example:
switch(config)# ssh key rsa 2048
Step 4 ssh rekey max-data max-data max-time max-timei
Example:
switch(config)# ssh rekey max-data 1K max-time 1M
Step 5
feature ssh
Example:
switch(config)# feature ssh
Step 6
exit
Example:
switch(config)# exit
switch#
Step 7 (Optional) show ssh key [dsa | rsa | ecdsa] [md5 ]
Example:
switch# show ssh key
Step 8
show run security all
Purpose
Enters global configuration mode.
Disables SSH.
Generates the SSH server key.
The bits argument is the number of bits used to generate
the RSA key. The range is from 768 to 2048. The default
value is 1024.
You cannot specify the size of the DSA key. It is always
set to 1024 bits.
Use the force keyword to replace an existing key.
Note If you configure ssh key dsa, you must do the
following additional configurations: ssh keytypes
all and ssh kexalgos all
Configures the rekey parameters.
Enables SSH.
Exits global configuration mode.
Displays the SSH server keys.
This command displays the fingerprint in SHA256 format
by default. SHA256 is more secure than the old default
format of MD5. However, the md5 option has been added,
if you want to see the fingerprint in MD5 format for
backward compatibility.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Generating SSH Server Keys
131