Secure Shell 2; Enabling Ssh2 For Inbound Switch Access - Extreme Networks ExtremeWare XOS Guide Manual

Secure Shell 2

Secure Shell 2 (SSH2) is a feature of ExtremeWare XOS that allows you to encrypt session data between
a network administrator using SSH2 client software and the switch. Configuration and policy files may
also be transferred to the switch using the Secure Copy Protocol 2 (SCP2) or the Secure File Transfer
Protocol (SFTP).
The ExtremeWare XOS SSH2 switch application also works with SSH2 client (version 2.x or later) from
SSH Communication Security, and with (version 2.5 or later) from OpenSSH. The SFTP file transfer
protocol is required for file transfer using SCP2.

Enabling SSH2 for Inbound Switch Access

SSH2 functionality is not present in the base ExtremeWare XOS software image; SSH2 is in an
additional, installable software module. Before you can access any SSH2 commands, you must install
this additional software module. Without the software module, the commands do not appear on the
command line. To install the software module, see the instructions in
and Boot Options".
NOTE
Do not terminate the SSH process (exsshd) that was installed since the last reboot unless you have saved your
configuration. If you have installed a software module and you terminate the newly installed process without saving
your configuration, your module may not be loaded when you attempt to restart the process with the start
process command.
Because SSH2 is currently under U.S. export restrictions, you must first obtain a security-enabled
version of the ExtremeWare software from Extreme Networks before you can enable SSH2.
You must enable SSH2 on the switch before you can connect to the switch using an external SSH2 client.
Enabling SSH2 involves two steps:
Generating or specifying an authentication key for the SSH2 sessions.
●
Enabling SSH2 access by specifying a TCP port to be used for communication and specifying on
●
which virtual router SSH2 is enabled.
Once enabled, by default, SSH2 uses TCP port 22 and is available on all virtual routers.
An authentication key must be generated before the switch can accept incoming SSH2 sessions. This can
be done automatically by the switch, or you can enter a previously generated key. To have the key
generated by the switch, use the following command:
configure ssh2 key
The key generation process takes approximately 10 minutes. Once the key has been generated, you
should save your configuration to preserve the key.
To use a key that has been previously created, use the following command:
configure ssh2 key {pregenerated}
You are prompted to enter the pregenerated key.
ExtremeWare XOS 11.1 Concepts Guide
Secure Shell 2
Appendix A, "Software Upgrade
249