U
SER
A
UTHENTICATION
3-57
When you have obtained these, place them on your TFTP server, and use
the following command at the switch's command-line interface to replace
the default (unrecognized) certificate with an authorized one:
Note: The switch must be reset for the new certificate to be activated. To
reset the switch, type:
Console#reload
Configuring the Secure Shell
The Berkley-standard includes remote access tools originally designed for
Unix systems. Some of these tools have also been implemented for
Microsoft Windows and other environments. These tools, including
commands such as rlogin (remote login), rsh (remote shell), and rcp (remote
copy), are not secure from hostile attacks.
The Secure Shell (SSH) includes server/client applications intended as a
secure replacement for the older Berkley remote access tools. SSH can also
provide remote management access to this switch as a secure replacement
for Telnet. When the client contacts the switch via the SSH protocol, the
switch generates a public-key that the client uses along with a local user
name and password for access authentication. SSH also encrypts all data
transfers passing between the switch and SSH-enabled management
station clients, and ensures that data traveling over the network arrives
unaltered.
Note that you need to install an SSH client on the management station to
access the switch for management via the SSH protocol.
Note: The switch supports both SSH Version 1.5 and 2.0 clients.
Console#copy tftp https-certificate 4-87
TFTP server ip address: <server ip-address>
Source certificate file name: <certificate file name>
Source private file name: <private key file name>
Private password: <password for private key>