Configuring Secure Shell (SSH)
General Operating Rules and Notes
General Operating Rules and Notes
■ Public keys generated on an SSH client must be exportable to the
switch. The switch can only store 10 keys client key pairs.
■ The switch’s own public/private key pair and the (optional) client
public key file are stored in the switch’s flash memory and are not
affected by reboots or the erase startup-config command.
■ Once you generate a key pair on the switch you should avoid re-
generating the key pair without a compelling reason. Otherwise, you
will have to re-introduce the switch’s public key on all management
stations (clients) you previously set up for SSH access to the switch.
In some situations this can temporarily allow security breaches.
■ When stacking is enabled, SSH provides security only between an SSH
client and the stack manager. Communications between the stack
commander and stack members is not secure.
■ The switch does not support outbound SSH sessions. Thus, if you
Telnet from an SSH-secure switch to another SSH-secure switch, the
session is not secure.
4-8
