Configuring SSH
• Tunneling of TCP/IP traffic over SSH
• Secure Shell Version 1
• Outbound SSH connections (client mode)
• Duplication of HOST KEYS in other SSH Servers
In the SBx3112, SSH is managed by the Security Officer user through the CLI. Using CLI commands, the SECURITYOFFICER can:
• Configure and enable the SSH Server
• Add and configure SSH users
• Manage public keys for user authentication
6.10.2 Configuring SSH
6.10.2.1 Default Configuration
When an SBx3112 switch is initially booted up, the SSH server will not be configured.
6.10.2.2 Configuration Guidelines
Configuring and enabling the SSH Server involves creating a HOST KEY for server authentication, enabling the SSH Server and assigning to it its HOST KEY, and configuring authentication and access control. The HOST KEY is created using the Digital Signature Standard. Once the HOST KEY is created, the SSH Server can be enabled and assigned its HOST KEY with the SET SSH SERVER command. Managing keys involves:
• Creating the HOST KEY
• Downloading user public keys to the SBx3112
• Adding the keys to the SBx3112 key database
• Assigning keys to new users
The format of the public key file must conform to the standard defined in RFC4716.
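A pre-upload check for the RFC 4716 requirement above, added here as an example (not code from the SBx3112 documentation or its vendor): it validates the markers, the 72-byte line limit, the headers and the Base64 body, then reads the key type from the decoded blob. The function names and the sample file, which wraps dummy bytes labelled ssh-dss, are constructed for illustration.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def parse_rfc4716(text):
    """Validate an RFC 4716 public key file; return (key_type, headers, blob)."""
    lines = text.strip().splitlines()
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END SSH2 PUBLIC KEY markers")
    if any(len(line.encode()) > 72 for line in lines):
        raise ValueError("line longer than 72 bytes")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:                       # header line, "Tag: value"
            if body:
                raise ValueError("header found after key data")
            while line.endswith("\\") and i < len(lines) - 2:
                i += 1                        # trailing backslash continues it
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            body.append(line.strip())
        i += 1
    try:
        blob = base64.b64decode("".join(body), validate=True)
    except ValueError as exc:                 # binascii.Error is a ValueError
        raise ValueError("key data is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])      # blob starts with a length-prefixed type
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad key-type length in blob")
    return blob[4:4 + n].decode("ascii"), headers, blob

def make_sample():
    """Constructed sample: valid wrapper around dummy bytes, not a real key."""
    blob = struct.pack(">I", 7) + b"ssh-dss" + bytes(range(200))
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, 'Comment: "constructed sample, not a real key"',
                      *rows, END]) + "\n"

if __name__ == "__main__":
    key_type, headers, blob = parse_rfc4716(make_sample())
    print(key_type, headers, len(blob))
```

A one-line OpenSSH-style public key fails the marker check, which catches the most common reason a key file is not in the required format.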
Configuring authentication and access control involves setting Allowed Authentications and Required Authentications, and populating the ALLOWEDAUTH and REQUIREDAUTH lists, as follows:
• REQUIREDAUTH - Required authentications specify which authentication techniques must be used to connect to the SSH Server. Values are 'password', 'publickey', or 'publickey,password'. A value of 'NONE' will clear the list.
• ALLOWEDAUTH - Allowed authentications specify which authentication techniques can be used to connect to the SSH Server. Values are 'password', 'publickey', or 'publickey,password'. A value of 'NONE' will clear the list.
Software Reference for SwitchBlade x3100 Series Switches (Access and Security)