3Com WX2200 3CRWX220095A Switch User Manual


 
114 CHAPTER 6: CONFIGURING AND MANAGING IP INTERFACES AND SERVICES
SSH requires an SSH authentication key. You can generate one or allow
MSS to generate one. The first time an SSH client attempts to access the
SSH server on a WX switch, the switch automatically generates a
1024-byte SSH key. If you want to use a 2048-byte key instead, use the
following command to generate one:
WX1200# crypto generate key ssh 2048
key pair generated
If a key has already been generated, the command replaces the old key
with a new one. The new key takes affect for all new SSH sessions.
You can verify the key using the following command:
display crypto key ssh
For example:
WX1200# display crypto key ssh
ec:6f:56:7f:d1:fd:c0:28:93:ae:a4:f9:7c:f5:13:04
This command displays the checksum (also called a fingerprint) of the
public authentication key. When you initially connect to the WX switch
with an SSH client, you can compare the SSH key checksum displayed by
the WX switch with the one displayed by the client to verify that you
really are connected to the WX switch and not another device. Generally,
SSH clients remember the encryption key after the first connection, so
you need to check the key only once.
The WX switch stores the key in nonvolatile storage where the key
remains even after software reboots.
Adding an SSH User
To log in with SSH, a user must supply a valid username and password. To
add a username and password to the local database, use the following
command:
set user username password password
Optionally, you also can configure MSS either to locally authenticate the
user or to use a RADIUS server to authenticate the user. Use the following
command:
set authentication admin {user-glob}
method1 [method2] [method3] [method4]