83
Enhancements in Release F.04.08
Configuring Secure Shell (SSH)
6. Use your SSH client to access the switch using the switch’s IP address or DNS name (if
allowed by your SSH client application). Refer to the documentation provided with the
client application.
General Operating Rules and Notes
■ Any SSH client application you use must offer backwards-compatibility to SSHv1 keys and
operation.
■ Public keys generated on an SSH client computer must be in ASCII format (used in SSHv1)
if you want to be able to authenticate a client to the switch. The switch does not support
keys generated in the PEM (base-64 Privacy Enhanced Mode) format. See the Note under
“Prerequisite for Using SSH” on page 80.
■ The switch’s own public/private key pair and the (optional) client public key file are stored
in the switch’s flash memory and are not affected by reboots or the erase startup-config
command.
■ Once you generate a key pair on the switch you should avoid re-generating the key pair
without a compelling reason. Otherwise, you will have to re-introduce the switch’s public
key on all management stations (clients) you previously set up for SSH access to the switch.
In some situations this can temporarily allow security breaches.
■ When stacking is enabled, SSH provides security only between an SSH client and the stack
manager. Communications between the stack commander and stack members is not secure.
■ The switch does not support outbound SSH sessions. Thus, if you Telnet from an SSH-secure
switch to another SSH-secure switch, the session is not secure.