124 Configuring and Managing IP Interfaces and Services
320657-A
You can verify the key using the following command:
show crypto key ssh
For example:
23x0# show crypto key ssh
ec:6f:56:7f:d1:fd:c0:28:93:ae:a4:f9:7c:f5:13:04
This command displays the checksum (also called a fingerprint) of the public key. When you initially connect to the
WSS with an SSH client, you can compare the SSH key checksum displayed by the WSS switch with the one displayed
by the client to verify that you really are connected to the WSS and not another device. Generally, SSH clients remember
the encryption key after the first connection, so you need to check the key only once.
Adding an SSH User
To log in with SSH, a user must supply a valid username and password. To add a username and password to the local
database, use the following command:
set user username password password
Optionally, you also can configure WSS Software either to locally authenticate the user or to use a RADIUS server to
authenticate the user. Use the following command:
set authentication admin {user-wildcard} method1 [method2] [method3] [method4]
To add administrative user WSSadmin with password letmein, and use RADIUS server group sg1 to authenticate the
user, type the following commands:
23x0# set user WSSadmin password letmein
success: User WSSadmin created
23x0# set authentication admin WSSadmin sg1
success: change accepted
(For more information, see “Adding and Clearing Local Users for Administrative Access” on page 63.)
Changing the SSH Service Port Number
To change the SSH port the WSS listens on for SSH connections, use the following command:
set ip ssh port port-num
Caution! If you change the SSH port number from an SSH session, WSS Software
immediately ends the session. To open a new management session, you must configure
the SSH client to use the new SSH port number.
