Support User Manuals

Cisco Systems 310 Switch User Manual

Open as PDF

of 1216

7-38

Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide

OL-12189-01

Chapter 7 Configuring Switch-Based Authentication

Configuring the Switch for Secure Shell

This section consists of these topics:

• SSH Servers, Integrated Clients, and Supported Versions, page 7-38

• Limitations, page 7-38

Note The SSH connection to the stack can be lost if a stack master running the cryptographic software image

and the IP base or the IP services feature set fails and is replaced by a switch that is running a

noncryptographic image and the same feature set. We recommend that a switch running the

cryptographic software image and the IP base or IP services feature set be the stack master. Encryption

features are unavailable if the stack master is running the noncryptographic software image and the

feature set.

SSH Servers, Integrated Clients, and Supported Versions

The SSH feature has an SSH server and an SSH integrated client, which are applications that run on the

switch. You can use an SSH client to connect to a switch running the SSH server. The SSH server works

with the SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works

with the SSH server supported in this release and with non-Cisco SSH servers.

The switch supports an SSHv1 or an SSHv2 server.

The switch supports an SSHv1 client.

SSH supports the Data Encryption Standard (DES) encryption algorithm, the Triple DES (3DES)

encryption algorithm, and password-based user authentication.

SSH also supports these user authentication methods:

• TACACS+ (for more information, see the “Controlling Switch Access with TACACS+” section on

page 7-10)

• RADIUS (for more information, see the “Controlling Switch Access with RADIUS” section on

page 7-17)

• Local authentication and authorization (for more information, see the “Configuring the Switch for

Local Authentication and Authorization” section on page 7-36)

Note This software release does not support IP Security (IPSec).

Limitations

These limitations apply to SSH:

• The switch supports Rivest, Shamir, and Adelman (RSA) authentication.

• SSH supports only the execution-shell application.

• The SSH server and the SSH client are supported only on DES (56-bit) and 3DES (168-bit) data

encryption software.

• The switch does not support the Advanced Encryption Standard (AES) symmetric encryption

algorithm.

previous next