Cisco WS-C6506 Software Manual page 589

Catalyst 6500 series switch

Chapter 20
Checking Status and Connectivity
Using Secure Shell Encryption for Telnet Sessions
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7, OL-8978-04, page 20-13

Note: If you are using Kerberos to authenticate connections to the switch, you will not be able to use Secure Shell encryption.

Note: Catalyst 6500 series software release 8.7(1) supports SSH keyboard interactive authentication methods such as S/KEY, one-time-pads, hardware tokens that print a number or string, and other legacy authentication methods with RADIUS and TACACS servers. For SSH keyboard interactive authentication to work, ensure that the Apply password change rule checkbox is checked on the Authentication Server Group Setup page on the RADIUS/TACACS server. The keyboard interactive authentication method works only with SSH V2 and the blank password mechanism is supported only with TACACS authentication.

To enable Secure Shell encryption on the switch, perform this task in privileged mode:

Task                                                  Command
----                                                  -------
Step 1  Create the RSA host key.                      set crypto key rsa nbits [force]
Step 2  Set the SSH version.                          set ssh mode {v1 | v2}
        Note: If you do not specify the v1 or the v2 keyword, SSH operates in compatibility mode.
Step 3  Clear the SSH mode configuration.             clear ssh mode
Step 4  Display the SSH configuration information.    show ssh

This example shows how to create the RSA host key:

Console> (enable) set crypto key rsa 1024
Generating RSA keys.... [OK]
Console> (enable) set ssh mode v2
SSH protocol mode set to SSHv2 Only.
Console> (enable) show ssh
Session  Protocol  Cipher  State         PID  Userid    Host
-------  --------  ------  -----         ---  --------  -----
0        V2        3DES    SESSION_OPEN  146  dkoya     171.69.66.45
1        V1        3DES    SESSION_OPEN  147  -         dove.cisco.com
SSH server mode : V1 and V2
Console> (enable)

The nbits value specifies the RSA key size. The valid key size range is from 512–2048 bits. For SSH version 2, the minimum recommended key size is 768 bits. A key size with a larger number provides higher security but takes longer to generate.

You can enter the optional force keyword to regenerate the keys and suppress the warning prompt of overwriting existing keys.
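
An added example, not part of the Cisco manual: a short Python audit that parses captured show ssh output and reports where SSHv1 is still permitted or in use. The sample text reproduces this page's example output; the function names, the column order (Session, Protocol, Cipher, State, PID, Userid, Host) and the assumption that a V2-only switch reports a mode string without "V1" are assumptions of this example.

```python
import re

# Sample reproduced from the `show ssh` example on this page (columns realigned).
SAMPLE_SHOW_SSH = """\
Session  Protocol  Cipher  State         PID  Userid    Host
-------  --------  ------  -----         ---  --------  -----
0        V2        3DES    SESSION_OPEN  146  dkoya     171.69.66.45
1        V1        3DES    SESSION_OPEN  147  -         dove.cisco.com
SSH server mode : V1 and V2
"""

# One session row: seven whitespace-separated columns (assumed order).
ROW = re.compile(r"^(\d+)\s+(V[12])\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s*$")
MODE = re.compile(r"^SSH server mode\s*:\s*(.+?)\s*$")
FIELDS = ("session", "protocol", "cipher", "state", "pid", "userid", "host")


def parse_show_ssh(text):
    """Return (sessions, server_mode) parsed from `show ssh` output."""
    sessions, mode = [], None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            sessions.append(dict(zip(FIELDS, row.groups())))
            continue
        srv = MODE.match(line)
        if srv:
            mode = srv.group(1)
    return sessions, mode


def audit_ssh(text):
    """List findings where SSHv1 is still accepted by the server or in use."""
    sessions, mode = parse_show_ssh(text)
    findings = []
    if mode is None:
        findings.append("server mode line not found; output may be truncated")
    elif "V1" in mode.upper():  # assumption: V2-only mode text never contains "V1"
        findings.append(f"server mode '{mode}' accepts SSHv1; use 'set ssh mode v2'")
    for s in sessions:
        if s["protocol"] == "V1":
            findings.append(f"session {s['session']} (pid {s['pid']}, host {s['host']}) uses SSHv1")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_SHOW_SSH):
        print("FINDING:", finding)
```

Run against the page's sample, it reports both the compatibility-mode server setting and the open V1 session from dove.cisco.com.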

This manual is also suitable for:

Catalyst 6506, Catalyst 6509, Catalyst 6513
