Configuring Secure Shell - Cisco Catalyst 8540 MSR Configuration Manual

ATM Switch Router Software Configuration Guide

Chapter 4
Configuring System Management Functions
Step 4
Command: Switch(config)# radius-server timeout seconds
Purpose: Specifies the number of seconds a switch waits for a reply to a RADIUS request before retransmitting the request.

Step 5
Command: Switch(config)# radius-server deadtime minutes
Purpose: Specifies the number of minutes a RADIUS server, which is not responding to authentication requests, is passed over by requests for RADIUS authentication.

For detailed information about RADIUS commands, refer to the "RADIUS Commands" chapter in the
Cisco IOS Security Command Reference publication.

Configuring Secure Shell

The preferred method of administering the switch router is through a Telnet session. However, using
Telnet might cause security issues that include session hijacking, sniffing, and man-in-the-middle
attacks. These attacks can be stopped using the Secure Shell (SSH) protocol and application that the
switch router supports. SSH is an application and protocol that provides a secure replacement for the
Berkeley r-tools. The protocol secures the sessions using standard cryptographic mechanisms, and the
application is similar to the Berkeley rexec and rsh tools. Two versions of SSH are currently available,
Version 1 and Version 2. Both SSH Server Version 1 and Version 2 are implemented in the Cisco IOS
software. Also, SSH Version 1 Integrated Client and SSH Version 2 Integrated Client are implemented
in the Cisco IOS software.

The current method of remotely configuring a switch router involves initiating a Telnet connection to
the switch router to start an Exec session and then entering configuration mode. This connection method
provides only as much security as Telnet provides: lower-layer encryption (for example, IPSec,
Internet Protocol Security) and application security (for example, username and password
authentication at the remote host).

You can configure SSH, an application that runs on top of a reliable transport layer, such as TCP/IP,
and provides strong authentication and encryption capabilities. SSH allows you to log in to another
computer over a network, execute commands remotely, and move files from one host to another.
The requirements are:

• Any host that wants to allow incoming secure connections must have the SSH daemon (or server) running.
• The SSH client is required to initiate a connection to the remote host.

The IOS/ENA implementation of SSH server on the switch router provides the following:

• Secure incoming connections
• Remote Exec session connections to the switch router
• DES and 3DES encryption
• Username and password authentication using the existing IOS/ENA AAA authentication functions

For additional information about SSH, see the following:

• Secure Shell White Paper provided by SSH Communications Security
• Secure Shell Version 1 Support example configuration
• Secure Shell Version 1 Integrated Client

ATM Switch Router Software Configuration Guide, OL-7396-01
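
Added example (not part of the Cisco manual): a Python check that reads a saved running-config and classifies each vty line block by whether it still accepts Telnet sessions, which the Configuring Secure Shell section describes as exposed to hijacking and sniffing, or only SSH. The sample configuration is constructed, the function names are hypothetical, and the "line vty" / "transport input" syntax is generic Cisco IOS syntax assumed to apply to this platform.

```python
import re

# Constructed running-config excerpt, not taken from the manual. The
# "line vty" / "transport input" syntax is generic Cisco IOS, assumed here.
SAMPLE_CONFIG = """\
line con 0
line vty 0 4
 login authentication default
 transport input telnet ssh
line vty 5 15
 transport input ssh
line vty 16 20
 login
!
end
"""


def audit_vty(config):
    """Map each 'line vty' block header to a transport finding."""
    findings, current = {}, None
    for raw in config.splitlines():
        if raw and not raw[0].isspace():
            # An unindented line closes the previous block and may open a vty one.
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                # No explicit setting yet: the default depends on the release.
                findings[current] = "unspecified"
            continue
        match = re.match(r"\s+transport input\s+(.+)", raw)
        if current is None or not match:
            continue
        protocols = set(match.group(1).split())
        if protocols == {"ssh"}:
            findings[current] = "ssh-only"
        elif protocols == {"none"}:
            findings[current] = "disabled"
        elif protocols & {"telnet", "all"}:
            findings[current] = "telnet-allowed"
        else:
            findings[current] = "other"
    return findings


def needs_review(config):
    """Return vty blocks that are not restricted to SSH or disabled."""
    return [line for line, state in audit_vty(config).items()
            if state not in ("ssh-only", "disabled")]
```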

This manual is also suitable for: Catalyst 8510 MSR, LightStream 1010
