SSH Configuration. Page 1 of 8

Similar documents
Operation Manual SSH H3C S3610&S5510 Series Ethernet Switches. Table of Contents

Table of Contents 1 SSH Configuration 1-1

Contents. Configuring SSH 1

Configuring SSH and Telnet

DGS-3630-Series Switches

Using the Web-Browser and CLI Interfaces

File Upload and File Download FSOS

Lab Configure Basic AP security through GUI

Configuring SSH and Telnet

SSH H3C Low-End Ethernet Switches Configuration Examples. Table of Contents

What is Secure. Authenticated I know who I am talking to. Our communication is Encrypted

Implementing Secure Shell

Configuring Secure Shell (SSH)

Configuring Security for the ML-Series Card

Lab - Examining Telnet and SSH in Wireshark

TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the local terminal appears to be the

Configuring Secure Shell (SSH)

Lab Configure Basic AP Security through IOS CLI

Configuring Secure Shell (SSH)

Cryptography - SSH. Network Security Workshop May 2017 Phnom Penh, Cambodia

Release Notes: Version G Operating System for the HP Procurve Switch 4108GL. Caution: Archive Pre-G Configuration Files

Linux Network Administration

Inventory Manager Window

Server Utilities. Enabling Or Disabling Smart Access USB. This chapter includes the following sections:

Configuring Secure Shell (SSH)

Using keys with SSH Rob Judd

Connect using Putty to a Linux Server

Quick Note 038. Upgrade Software options and/or VPN Licenses on a Digi Transport router.

Using Cisco IOS XE Software

Configuring Secure Shell

Chapter 4. Network Security. Part II

Managing GSS User Accounts Through a TACACS+ Server

Administration of Cisco WLC

Configuring the Management Interface and Security

HP Load Balancing Module

Cryptography - SSH. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Setting Up Physical Inventory

Configuring Secure Shell (SSH)

SSH. What is Safely 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:

CCNA 1 Chapter 2 v5.0 Exam Answers %

ssh and handson Matsuzaki maz Yoshinobu 1

Cryptography Application : SSH. Cyber Security & Network Security March, 2017 Dhaka, Bangladesh

Table of Contents 1 AAA Overview AAA Configuration 2-1

SSH Algorithms for Common Criteria Certification

Telnet/SSH. Connecting to Hosts. Internet Technology 1

Application Note. Configuring SSH on Vocality units. Software From V07_04_01. Revision v1.5

Configuring TACACS+ Finding Feature Information. Prerequisites for TACACS+

Table of Contents 1 FTP and SFTP Configuration TFTP Configuration 2-1

SSH Configuration Examples H3C S7500 Series Ethernet Switches Release Table of Contents

Managing Certificates

Lab Using the CLI to Gather Network Device Information Topology

Basic IOS Command Structure. Router#disable Router>

Chapter 2. Switch Concepts and Configuration. Part II

Lab Student Lab Orientation

Configuring Local Authentication and Authorization

Using the Configuration Menu

CHAPTER 2 ACTIVITY

Cisco VPN 3002 Hardware Client Security Policy

File Transfers. Contents

Application Note Configuring the Netopia R2020 for use with ClipMail Pro and ClipExpress

EZL-200F Application Notes (002) SSL (Secure Socket Layer)

Configuring Secure Shell (SSH)

ZyWALL 70. Internet Security Appliance. Quick Start Guide Version 3.62 December 2003

CCNA 1 Chapter 2 v5.0 Exam Answers 2013

Numerics. Index 1. SSH See SSH. connection inactivity time 2-3 console, for configuring authorized IP managers 11-5 DES 6-3, 7-3

If you prefer to use your own SSH client, configure NG Admin with the path to the executable:

Configuring 802.1X Settings on the WAP351

InterWorx Server Administrator SSH Guide. by InterWorx LLC

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

Contents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3. Obtaining A Signed Certificate 4

Table of Contents 1 SSH Commands 1-1

Tandem-Systems, Ltd. Rhino Terminal. User s Manual

Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1

CISCO EXAM QUESTIONS & ANSWERS

Cryptography Application : SSH. 7 Sept 2017, Taichung, Taiwan

Table of Contents 1 AAA Overview AAA Configuration 2-1

Content and Purpose of This Guide... 1 User Management... 2

FSOS. Switch Management and Maintenance

Secure Shell Commands

Lab 7 Configuring Basic Router Settings with IOS CLI

Managing the Mobility Express Network

Implementing Secure Shell

Secure Shell Version 2 Support

Contents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3. Obtaining A Signed Certificate 4

Secure Shell Version 2 Support

Logging in through SNMP from an NMS 22 Overview 22 Configuring SNMP agent 22 NMS login example 24

VII. Corente Services SSL Client

CISCO SWITCH BEST PRACTICES GUIDE

Secure Shell Commands

Controlling Switch Access with Passwords and Privilege Levels

Configuring Switch Security

Nortel Secure Router 2330/4134 Commissioning. Release: 10.2 Document Revision: NN

Console Port, Telnet, and SSH Handling

LECTURE 7. Readings: - SSH: The Definitive Guide; D.J. Barret et al.; O Reilly Lecture outline: - SSH. Marco Spaziani Brunella, Manuel Campo

Initial Configuration and Recovery

1.1 Configuring HQ Router as Remote Access Group VPN Server

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

Configuring SSL. SSL Overview CHAPTER

Controlling Switch Access with Passwords and Privilege Levels

802.1x Configuration. FSOS 802.1X Configuration

Transcription:

SSH Configuration Page 1 of 8

Contents Chapter 1 SSH Terminal Services...3 1.1 Introduction to SSH... 3 1.2 SSH Server Configuration... 4 1.3 Log in Switch from SSH Client... 4 1.4 SSH Server Configuration Example...5 1.1.1 Use Default Key...5 1.1.2 Use Loaded Key...6 Page 2 of 8

Chapter 1 SSH Terminal Services 1.1 Introduction to SSH Secure Shell (SSH) can provide information security and powerful authentication to prevent such assaults as IP address spoofing, plain-text password interception when users log on to the Switch remotely through an insecure network environment. SSH can take the place of the Telnet to provide safe management and configuration. A Switch can connect to multiple SSH clients, and currently supports SSHv2.0 version. The communication process between the server and client includes these five stages: Version negotiation stage: These operations are completed at this stage: The client sends TCP connection requirement to the server. When TCP connection is established, both ends begin to negotiate the SSH version. If they can work together in harmony, they enter the key algorithm negotiation stage. Otherwise the server clears the TCP connection. Key algorithm negotiation stage. These operations are completed at this stage: The server sends the public key in a randomly generated RSA key pair to the client. The client figures out session key based on the public key from the server and the random number generated locally. The client encrypts the random number with the public key from the server and sends the result back to the server. The server then decrypts the received data with the server private key to get the client random number. The server then uses the same algorithm to work out the session key based on server public key and the returned random number. Then both ends get the same session key without data transfer over the network, while the key is used at both ends for encryption and decryption. Authentication method negotiation stage: These operations are completed at this stage: The client sends its username information to the server. The server authenticates the username information from the client. The client authenticates information from the user at the server till the authentication succeeds or the connection is turned off due to authentication timeout. Session request stage: The client sends session request messages to the server which processes the request messages. Interactive session stage: Both ends exchange data till the session ends Page 3 of 8

1.2 SSH Server Configuration A Switch, as a SSH server, can connect to multiple SSH clients. SSH clients can be both LAN users and WAN users. The switches can only SSH server and support SSH v2. The following table describes SSH server configuration tasks. Table 1-1 Configure SSHv2.0 server Operation Command Description Enable SSH Use this command in global ssh configuration mode. By default, this function is disabled. Configure the default key Use this command in privileged cry generate rsa mode. Load SSH key Use this command in privileged cry refresh rsa mode. This command will cover current key. Clear configured key Use this command in privileged cry zeroize rsa mode. Load/upload the key (public or {load upload} keyfile {private Use this command in privileged private) through TFTP public} TFTP A.B.C.D mode. file_name Load/upload the key (public or private) through FTP Show SSH Show SSH key {load upload} keyfile {private public} FTP A.B.C.D file_name Username Password show ssh show keyfile {public private} Use this command in privileged mode. 1.3 Log in Switch from SSH Client To successfully establish SSH connection, pay attention to following points: 1. Create the connection between SSH client and server. 2. The version of client and server should be the same. 3. The key matched. 4. SSH function in server should be enabled. By default, there is a pair of keys saved in switch. The loaded key can also be used. Pay attention to followings: 1. The configured keyfile must be RSA. The keyfile includes public key and private key. It can be default key or loaded keyfile through ftp/tftp. No keyfile is configured in initiation. The default key can be used only after generating by command. The configured key is saved in Flash and can only be used after loading when rebooting. Page 4 of 8

2. User cannot log in device through SSH client if the configured key is not RSA key or the public and private key are not matched. 3. There can be comment line and key content in the keyfile. Comment line should contain : or space. Key content contain the key encoded by Base64 coding, without : and space. Public key cannot be in private keyfile and private keyfilecannot be encrypted by password. 1.4 SSH Server Configuration Example 1.1.1 Use Default Key i. Network requirements As shown in Figure 1-1, The PC (SSH Client) runs the client software which supports SSHv2.0, establish a local connection with the switch (SSH Server) and ensure the security of data exchange. ii. Network diagram Figure 1-1. iii. Configuration procedure 1. Enable SSH Network diagram for SSH server configuration Switch(config)#ssh Config SSH state successfully. Switch(config)# 2. Display SSH configuration to ensure the keyfile can be used. Switch(config)#show ssh ssh version : 2.0 ssh state : on ssh key file : available 3. Open SSH client in PC and log in switch Page 5 of 8

1.1.2 Use Loaded Key iv. Network requirements As shown in Figure 1-2, The PC (SSH Client) runs the client software which supports SSHv2.0, establish a local connection with the switch (SSH Server) and ensure the security of data exchange. v. Network diagram Figure 1-2. Network diagram for SSH server configuration vi. Configuration procedure 1. Use key generated tool to generate a pair of RSA key as Figure 1-3. 2. Load key Figure 1-3. Example of correct private key form Switch#load keyfile private tftp 1.1.1.1 private.ppk SSH key file will be updated, are you sure(y/n)? [n]y Loading SSH key file via TFTP... Load SSH key file via TFTP successfully. Switch#load keyfile public tftp 1.1.1.1 public.pub SSH key file will be updated, are you sure(y/n)? [n]y Loading SSH key file via TFTP... Load SSH key file via TFTP successfully. Page 6 of 8

3. Enable SSH Switch(config)#ssh Config SSH state successfully. 4. Display SSH configuration to ensure the keyfile can be used. Switch(config)#show ssh ssh version : 2.0 ssh state : on ssh key file : available 5. Ensure current key is the loaded key (if it is not the loaded key, use cry key refresh to refresh it) Switch#show key private PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: rsa-key-20090624 Private-Lines: 8 AAAAgGtls5qVyP9TEpW+HfiYWRfaKCrhH2EYsQke/r21hjz7BTwzmg8Y/gatMTBw mmjtn1eai9mqk5sipkjekt6jucjbal1dpqn50xw+ztdz+lekemexgk8cfm6nxpzq a3fmx6rjghui9ey09bd9hvkzdnh9psuoi8pl1xniffvv0ssjaaaaqqd1wxgoflcm udsha/ysls6nqrzayjcvpyt8pvpjuz7ceto4ii5zxo/jhey6qtemsvdfyo+dxszx BEodj+rrnWGHAAAAQQCl2QrR5hZvY/cM1DDxhTFjPkNiuXrCGdYEYpPbws5jxJTl wtypyw5yisimmxc5wpvvngnukww2inbuzqxo8xtzaaaaqbam4z8ktff8smpc60vl q9rjapctrfpu9qn0i00liilo3ju2e0dgrk1qf00qa1o2amcfa+hp1hbhy424ftrx FJ0= Private-MAC: 37b49b5d489ff022fa3de91b2330fd89a74eaeff Switch#show key public ---- BEGIN SSH2 PUBLIC KEY ---- Comment: "rsa-key-20090624" AAAAB3NzaC1yc2EAAAABJQAAAIEAnvKtp1iP4Ee/WH/F9QpvYL3AkWGpUkNDc+Yx VjWdtmlFMCNpIJWg6ylIzM+acQ3C3akqx7xfk62PV9YhDBEIsHZIFh4seZbNHSiC ZS2B0txcVPNe6+WrUhHsExzp3fEmNsrB5E5BPKmQyU0+6QS691oQhZUnHN93J1r1 8GelrKU= ---- END SSH2 PUBLIC KEY ---- Page 7 of 8

6. Open SSH client in PC and log in switch. Page 8 of 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback