Support User Manuals

Blade ICE G8124-E Personal Computer User Manual

Open as PDF

of 388

BLADEOS 6.5.2 Application Guide

60  Chapter 3: Securing Administration BMD00220, October 2010

Generating RSA Host and Server Keys for SSH Access

To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The

host key is 1024 bits and is used to identify the G8124. The server key is 768 bits and is used to

make it impossible to decipher a captured session by breaking into the G8124 at a later time.

When the SSH server is first enabled and applied, the switch automatically generates the RSA host

and server keys and stores them in FLASH memory.

To configure RSA host and server keys, first connect to the G8124 through the console port

(commands are not available via external Telnet connection), and enter the following commands to

generate them manually.

When the switch reboots, it will retrieve the host and server keys from the FLASH memory. If these

two keys are not available in the flash and if the SSH server feature is enabled, the switch

automatically generates them during the system reboot. This process may take several minutes to

complete.

The switch can also automatically regenerate the RSA server key. To set the interval of RSA server

key autogeneration, use this command:

A value of 0 (zero) denotes that RSA server key autogeneration is disabled. When greater than 0,

the switch will autogenerate the RSA server key every specified interval; however, RSA server key

generation is skipped if the switch is busy doing other key or cipher generation when the timer

expires.

Note – The switch will perform only one session of key/cipher generation at a time. Thus, an

SSH/SCP client will not be able to log in if the switch is performing key generation at that time.

Also, key generation will fail if an SSH/SCP client is logging in at that time.

SSH/SCP Integration with Radius Authentication

SSH/SCP is integrated with RADIUS authentication. After the RADIUS server is enabled on the

switch, all subsequent SSH authentication requests will be redirected to the specified RADIUS

servers for authentication. The redirection is transparent to the SSH clients.

RS G8124(config)# ssh generate-host-key

RS G8124(config)# ssh generate-server-key

RS G8124(config)# ssh interval <number of hours (0-24)>

previous next