The Berkeley standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure against hostile attacks.
The Secure Shell (SSH) includes server/client applications intended as a secure replacement for the older Berkeley remote access tools. SSH can also provide remote management access to this switch as a secure replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch generates a public key that the client uses along with a local user name and password for access authentication. SSH also encrypts all data transfers passing between the switch and SSH-enabled management station clients, and ensures that data traveling over the network arrives unaltered.
Note: You need to install an SSH client on the management station to access the switch for management via the SSH protocol.
Note: The switch supports both SSH Version 1.5 and 2.0 clients.
Use the Security > SSH (Configure Global) page to enable the SSH server and configure basic settings for authentication.
Note: You must generate DSA and RSA host keys before enabling the SSH server.
Allows you to enable/disable the SSH server on the switch. (Default: Disabled)
The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients.
Specifies the time interval in seconds that the SSH server waits for a response from a client during an authentication attempt. (Range: 1-120 seconds; Default: 120 seconds)
Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3)
Specifies the SSH server key size. (Range: 512-896 bits; Default: 768)
The server key is a private key that is never shared outside the switch.
The host key is shared with the SSH client, and is fixed at 1024 bits.
Use the Security > SSH (Configure Host Key - Generate) page to generate a host public/private key pair used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client's public key to the switch.
Note: A host key pair must be configured on the switch before you can enable the SSH server.
The key type used to generate the host key pair (i.e., public and private keys). (Range: RSA (Version 1), DSA (Version 2), Both; Default: Both)
The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
Note: The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients.
Saves the host key from RAM (i.e., volatile memory) to flash memory. Otherwise, the host key pair is stored to RAM by default. Note that you must select this item from the Show page. (Default: Disabled)
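An added example, not taken from the switch documentation: a Python check a management station could run on what a device presents, given the SSH Version 1.5 support and the 1024-bit host key described above. The 2048-bit floor, the banner text and the sample key are assumptions constructed for illustration; a "1.99" protocol version in the identification string is how RFC 4253 marks a version 2 server that also accepts version 1 clients.

```python
import base64
import struct

MIN_BITS = 2048  # assumed policy floor for RSA/DSA moduli, not a value from the manual

def offered_versions(banner):
    """Protocol versions implied by an 'SSH-protoversion-software' identification string."""
    proto = banner.strip().split("-", 2)[1]
    if proto == "1.99":  # RFC 4253 sec. 5.1: version 2 server that also accepts version 1
        return {"1", "2"}
    return {"1"} if proto.startswith("1.") else {"2"}

def fields(blob):
    """Yield the 4-byte-length-prefixed fields of an SSH public key blob."""
    pos = 0
    while pos < len(blob):
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        yield blob[pos + 4:pos + 4 + n]
        pos += 4 + n

def host_key_bits(pubkey_line):
    """Return (key type, modulus bits) for an 'ssh-rsa' or 'ssh-dss' public key line."""
    parts = list(fields(base64.b64decode(pubkey_line.split()[1])))
    ktype = parts[0].decode()
    index = {"ssh-rsa": 2, "ssh-dss": 1}[ktype]  # rsa: (type, e, n); dss: (type, p, q, g, y)
    return ktype, int.from_bytes(parts[index], "big").bit_length()

def audit(banner, pubkey_line):
    findings = []
    if "1" in offered_versions(banner):
        findings.append("SSHv1 accepted")
    ktype, bits = host_key_bits(pubkey_line)
    if bits < MIN_BITS:
        findings.append(f"{ktype} host key is {bits} bits (< {MIN_BITS})")
    return findings

def sample_rsa_line(bits):
    """Constructed ssh-rsa line with a modulus of the given size (not a real key)."""
    def field(raw):
        return struct.pack(">I", len(raw)) + raw
    def mpint(i):
        return field(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

SAMPLE_BANNER = "SSH-1.99-ExampleSwitch\r\n"  # constructed, not this switch's real banner
if __name__ == "__main__":
    print(audit(SAMPLE_BANNER, sample_rsa_line(1024)))
```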
Use the Security > SSH (Configure User Key - Copy) page to upload a user's public key to the switch. This public key must be stored on the switch for the user to be able to log in using the public key authentication mechanism. If the user's public key does not exist on the switch, SSH will revert to the interactive password authentication mechanism to complete authentication.
This drop-down box selects the user whose public key you wish to manage. Note that you must first create users on the User Accounts page.
The type of public key to upload.
RSA: The switch accepts an RSA version 1 encrypted public key.
DSA: The switch accepts a DSA version 2 encrypted public key.
The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients.
The IP address of the TFTP server that contains the public key file you wish to import.
The public key file to upload.