82
Enhancements in Release F.04.08
Configuring Secure Shell (SSH)
The general steps for configuring SSH include:
A. Client Preparation
1. Install an SSH client application on a management station you want to use for access to the
switch. (Refer to the documentation provided with your SSH client application.)
2. Optional—If you want the switch to authenticate a client public-key on the client:
a.Either generate a public/private key pair on the client computer or (if your client
application allows) or import a client key pair that you have generated using another
SSH application.
b.Copy the client public key into an ASCII file on a TFTP server accessible to the switch
and download the client public key file to the switch . (The client public key file can hold
up to 10 client keys.) This topic is covered under “To Create a Client-Public-Key Text
File” on page 96.
B. Switch Preparation
1. Assign a login (Operator) and enable (Manager) password on the switch (page 85).
2. Generate a public/private key pair on the switch (page 85).
You need to do this only once. The key remains in the switch even if you reset the switch to
its factory-default configuration. (You can remove or replace this key pair, if necessary.)
3. Copy the switch’s public key to the SSH clients you want to access the switch (page 87).
4. Enable SSH on the switch (page 89).
5. Configure the primary and secondary authentication methods you want the switch to use.
In all cases, the switch will use its host-public-key to authenticate itself when initiating an
SSH session with a client.
•SSH Login (Operator) options:
–Option A:
Primary: Local, TACACS+, or RADIUS password
Secondary: Local password or none
–Option B:
Primary: Client public-key authentication (login rsa — page 95)
Secondary: Local password or none
Note that if you want the switch to perform client public-key authentication, you must
configure the switch with Option B.
•SSH Enable (Manager) options:
Primary: Local, TACACS+, or RADIUS
Secondary: Local password or none