S
YSTEM
M
ANAGEMENT
C
OMMANDS
4-49
a. The client sends its public key to the switch.
b. The switch compares the client's public key to those stored in memory.
c. If a match is found, the switch uses the public key to encrypt a random
sequence of bytes, and sends this string to the client.
d. The client uses its private key to decrypt the bytes, and sends the
decrypted bytes back to the switch.
e. The switch compares the decrypted bytes to the original bytes it sent. If
the two sets match, this means that the client's private key corresponds
to an authorized public key, and the client is authenticated.
Note: To use SSH with only password authentication, the host public key
must still be given to the client, either during initial connection or
manually entered into the known host file. However, you do not
need to configure the client’s keys.
ip ssh server
This command enables the Secure Shell (SSH) server on this switch. Use
the no form to disable this service.
Syntax
[no] ip ssh server
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• The SSH server supports up to four client sessions. The maximum
number of client sessions includes both current Telnet sessions and
SSH sessions.
• The SSH server uses DSA or RSA for key exchange when the client
first establishes a connection with the switch, and then negotiates with
the client to select either DES (56-bit) or 3DES (168-bit) for data
encryption.