Juniper Networks EX2500 Switch User Manual

Securing Access to the Switch 17
Chapter 1: Accessing the Switch
Secure Shell
Secure Shell (SSH) uses an encrypted, authenticated tunnel to protect management
traffic between a remote administrator and the switch. Telnet does not provide
this level of security: managing an EX2500 switch over Telnet does not give you a
secure connection.
SSH is a protocol that enables remote administrators to log securely into the
EX2500 over a network to execute management commands.
SSH provides the following benefits:
• Authentication of remote administrators: identifying the administrator using
  Name and Password.
• Authorization of remote administrators: determining the permitted actions and
  customizing service for individual administrators.
• Encryption of management messages: encrypting messages between the remote
  administrator and the switch.
The EX2500 implementation of SSH supports versions 1.0 and 2.0 and SSH client
versions 1.5 through 2.x.
Configuring SSH Features on the Switch
SSH is disabled by default. Before you can use SSH commands on the switch, turn
on SSH as follows:
    ex2500(config)# ssh enable
SSH Encryption of Management Messages
The following encryption and authentication methods are supported for SSH:
• Server Host Authentication: the client uses RSA to authenticate the switch at
  the beginning of every connection.
• Key Exchange: RSA.
• Encryption: 3DES-CBC and DES.
• User Authentication: local password authentication.
Generating RSA Host and Server Keys for SSH Access
To support the SSH server feature, two sets of RSA keys (host and server keys) are
required. The host key is 1024 bits and identifies the EX2500 switch to clients.
The server key is 768 bits and exists so that a captured session cannot be
deciphered by someone who breaks into the EX2500 switch at a later time.
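The version statement above (SSH 1.0 and 2.0 on the server, clients 1.5 through 2.x) and the 1024-bit host key and 768-bit server key sizes are the facts a client-side policy check would act on. The following is an added example, not Juniper code: it parses the server's SSH identification string in the RFC 4253 format, works out which protocol majors the server is willing to speak, and reports findings against an assumed minimum RSA size. The banner string is constructed for illustration, not captured from a real switch.

```python
"""Client-side audit of an SSH server's identification string and RSA key sizes.
Added example for the EX2500 SSH section; not Juniper code. The banner below is
constructed for illustration, not captured from a real switch."""
import re

# RFC 4253 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_ID_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<soft>[^ \r\n]+)(?: (?P<comment>[^\r\n]*))?\r?\n?$"
)


def parse_identification(banner: str):
    """Split an identification string into (protoversion, softwareversion, comments).
    Raises ValueError if the line does not follow the RFC 4253 format."""
    m = _ID_RE.match(banner)
    if not m:
        raise ValueError(f"not an SSH identification string: {banner!r}")
    return m.group("proto"), m.group("soft"), m.group("comment") or ""


def supported_majors(protoversion: str) -> set:
    """Map a protoversion to the protocol majors the server is willing to speak.
    '1.99' is the RFC 4253 signal for a server that accepts both SSH-1 and SSH-2."""
    if protoversion == "1.99":
        return {1, 2}
    return {int(protoversion.split(".")[0])}


def audit_server(banner: str, host_key_bits: int, server_key_bits: int,
                 min_rsa_bits: int = 2048) -> list:
    """Return policy findings (empty list = clean) for a server the client is about
    to trust. min_rsa_bits is an assumed local policy value, not a manual value."""
    findings = []
    proto, soft, _ = parse_identification(banner)
    if 1 in supported_majors(proto):
        findings.append(f"server {soft} still offers SSH protocol 1 (protoversion {proto})")
    if host_key_bits < min_rsa_bits:
        findings.append(f"host key is {host_key_bits} bits, below policy minimum {min_rsa_bits}")
    if server_key_bits and server_key_bits < min_rsa_bits:
        findings.append(f"SSH-1 server key is {server_key_bits} bits, below policy minimum {min_rsa_bits}")
    return findings


# Constructed sample: a server advertising both protocol versions, audited with
# the 1024-bit host key and 768-bit server key sizes the manual lists.
SAMPLE_BANNER = "SSH-1.99-ExampleSwitchSSH_1.0\r\n"

if __name__ == "__main__":
    for finding in audit_server(SAMPLE_BANNER, host_key_bits=1024, server_key_bits=768):
        print("FINDING:", finding)
```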