Support User Manuals

Cisco Systems ME3400G2CSA Switch User Manual

Open as PDF

of 885

7-40

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

78-17058-01

Chapter 7 Configuring Switch-Based Authentication

Configuring the Switch for Secure Shell

To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the

RSA key pair is deleted, the SSH server is automatically disabled.

Configuring the SSH Server

Beginning in privileged EXEC mode, follow these steps to configure the SSH server:

Step 4

crypto key generate rsa Enable the SSH server for local and remote authentication on the switch

and generate an RSA key pair.

We recommend that a minimum modulus size of 1024 bits.

When you generate RSA keys, you are prompted to enter a modulus

length. A longer modulus length might be more secure, but it takes longer

to generate and to use.

Step 5

end Return to privileged EXEC mode.

Step 6

show ip ssh

or

show ssh

Show the version and configuration information for your SSH server.

Show the status of the SSH server on the switch.

Step 7

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

ip ssh version [1 | 2] (Optional) Configure the switch to run SSH Version 1 or SSH Version 2.

• 1—Configure the switch to run SSH Version 1.

• 2—Configure the switch to run SSH Version 2.

If you do not enter this command or do not specify a keyword, the SSH

server selects the latest SSH version supported by the SSH client. For

example, if the SSH client supports SSHv1 and SSHv2, the SSH server

selects SSHv2.

Step 3

ip ssh {timeout seconds |

authentication-retries number}

Configure the SSH control parameters:

• Specify the time-out value in seconds; the default is 120 seconds. The

range is 0 to 120 seconds. This parameter applies to the SSH

negotiation phase. After the connection is established, the switch uses

the default time-out values of the CLI-based sessions.

By default, up to five simultaneous, encrypted SSH connections for

multiple CLI-based sessions over the network are available (session 0

to session 4). After the execution shell starts, the CLI-based session

time-out value returns to the default of 10 minutes.

• Specify the number of times that a client can re-authenticate to the

server. The default is 3; the range is 0 to 5.

Repeat this step when configuring both parameters.

Step 4

end Return to privileged EXEC mode.

previous next