Blade ICE G8124-E Personal Computer User Manual


 
BLADEOS 6.5.2 Application Guide
BMD00220, October 2010 Chapter 1: Switch Administration 31
Using Secure Shell
Although a remote network administrator can manage the configuration of a G8124 via Telnet, this
method does not provide a secure connection. The Secure Shell (SSH) protocol enables you to
securely log into another device over a network to execute commands remotely. As a secure
alternative to using Telnet to manage switch configuration, SSH ensures that all data sent over the
network is encrypted and secure.
The switch can perform only one session of key/cipher generation at a time. Thus, an SSH/SCP client
will not be able to log in if the switch is generating keys at that time. Similarly, the system will
fail to generate keys if an SSH/SCP client is logging in at that time.
The supported SSH encryption and authentication methods are listed below.
Server Host Authentication: Client RSA-authenticates the switch when starting each connection
Key Exchange: RSA
Encryption: 3DES-CBC, DES
User Authentication: Local password authentication, RADIUS, TACACS+
The following SSH clients have been tested:
OpenSSH_5.1p1 Debian-3ubuntu1
SecureCRT 5.0 (Van Dyke Technologies, Inc.)
Putty beta 0.60
Note – The BLADEOS implementation of SSH supports both versions 1.5 and 2.0 and supports
SSH client version 1.5 - 2.x.
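Because the implementation accepts both protocol 1.5 and 2.0, it is worth confirming which versions a device advertises once SSH is enabled. The following is an added example, not part of the BLADEOS guide: it classifies an SSH identification string according to RFC 4253, where a protocol version of 1.99 marks a server that also accepts older clients. The function names and sample banners are constructed for illustration, and the banner a G8124 actually sends is not stated in this guide.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_ID_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")

# Constructed sample banners (not captured from a real G8124).
SAMPLES = [
    "SSH-1.99-ExampleSwitch_1.0\r\n",
    "SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1\r\n",
    "SSH-1.5-ExampleLegacy\r\n",
]

def classify_banner(line):
    """Report which SSH protocol versions an identification string offers."""
    m = _ID_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string: %r" % line)
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):
        offers = {"1.x", "2.0"}   # RFC 4253 section 5.1 compatibility marker
    elif major == 1:
        offers = {"1.x"}
    elif major == 2:
        offers = {"2.0"}
    else:
        raise ValueError("unknown protocol version %d.%d" % (major, minor))
    return {"software": m.group(3), "comment": m.group(4),
            "offers": offers, "ssh1_enabled": "1.x" in offers}

def read_banner(host, port=22, timeout=5.0):
    """Fetch the identification line from a server you administer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")
        for _ in range(20):  # a server may send other lines before the version string
            line = reader.readline(256).decode("ascii", "replace")
            if line.startswith("SSH-"):
                return line
    raise ConnectionError("no SSH identification string received")

if __name__ == "__main__":
    for banner in SAMPLES:
        print(banner.strip(), "->", classify_banner(banner))
```

Pass the output of `read_banner()` to `classify_banner()` to check a live device; a result with `ssh1_enabled` set means SSH version 1 clients are still accepted.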
Using SSH to Access the Switch
By default, the SSH feature is disabled. For information on enabling and using SSH for switch
access, see “Secure Shell and Secure Copy” on page 65.
Once the IP parameters are configured and the SSH service is enabled, you can access the command
line interface using an SSH connection.
To establish an SSH connection with the switch, run the SSH program on your workstation by
issuing the SSH command, followed by the switch IPv4 or IPv6 address:
# ssh <switch IP address>
If SecurID authentication is required, use the following command:
# ssh -1 ace <switch IP address>
You will then be prompted to enter a password as explained in “Switch Login Levels” on page 38.