Configure SSH Server Authentication Settings on a Switch through the CLI

Available Languages

Download Options

  • PDF     (619.1 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (669.6 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (385.7 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:December 13, 2018
Document ID:SMB5801

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

Secure Shell (SSH) is a protocol that provides a secure remote connection to specific network devices. This connection provides functionality that is similar to a Telnet connection, except that it is encrypted. SSH allows the administrator to configure the switch through the command line interface (CLI) with a third party program.

The switch acts as an SSH client that provides SSH capabilities to the users within the network. The switch uses an SSH server to provide SSH services. When SSH server authentication is disabled, the switch takes any SSH server as trusted, which decreases security on your network. If SSH service is enabled on the switch, security is enhanced.

This article provides instructions on how to configure server authentication on a managed switch through the CLI.

Applicable Devices

  • Sx300 Series
  • Sx350 Series
  • SG350X Series
  • Sx500 Series
  • Sx550X Series

Software Version

  • 1.4.7.06 - Sx300, Sx500
  • 2.2.8.04 - Sx350, SG350X, Sx550X

Configure SSH Server Settings

Configure SSH Server Authentication Settings

Step 1. Log in to the switch console. The default username and password is cisco/cisco. If you have configured a new username or password, enter the credentials instead.

Note: To learn how to access an SMB switch CLI through SSH or Telnet, click here.

Note: The commands may vary depending on the exact model of your switch. In this example, the SG350X switch is accessed through Telnet.

Step 2. From the Privileged EXEC mode of the switch, enter the Global Configuration mode by entering the following:

SG350X#configure

Step 3. To enable remote SSH server authentication by the SSH client, enter the following:

SG350X(config)#ip ssh-client server authentication

Step 4. To specify the source interface which IPv4 address will be used as the Source IPv4 address for communication with IPv4 SSH servers, enter the following:

SG350X(config)#ip ssh-client source-interface [interface-id]
  • interface-id - Specifies the source interface.

Note: In this example, the source interface is VLAN 20.

Step 5. (Optional) To specify the source interface whose IPv6 address will be used as the Source IPv6 address for communication with IPv6 SSH servers, enter the following:

SG350X(config)#ipv6 ssh-client source-interface [interface-id]
  • interface-id — Specifies the source interface.

Note: In this example, source IPv6 address is not configured.

Step 6. To add a trusted server to the Trusted Remote SSH Server Table, enter the following:

SG350X(config)#ip ssh-client server fingerprint [host | ip-address] [fingerprint]

The parameters are:

  • host - Domain Name Server (DNS) name of an SSH server.
  • ip-address - Specifies the address of an SSH server. The IP address can be an IPv4, IPv6 or IPv6z address.
  • fingerprint - Fingerprint of the SSH server public key (32 Hex characters).

Note: In this example, the server IP address is 192.168.100.1 and the fingerprint used is 76:0d:a0:12:7f:30:09:d3:18:04:df:77:c8:8e:51:a8.

Step 7. Enter the exit command to go back to the Privileged EXEC mode:

SG350X(config)#exit

Step 8. To display the SSH server authentication settings on the switch, enter the following:

SG350X#show ip ssh-client server [host | ip-address]

The parameters are:

  • host - Domain Name Server (DNS) name of an SSH server.
  • ip-address - Specifies the address of an SSH server. The IP address can be an IPv4, IPv6 or IPv6z address.

Note: In this example, the server IP address 192.168.100.1 is entered.

Step 9. (Optional) In the Privileged EXEC mode of the switch, save the configured settings to the startup configuration file by entering the following:

SG350X#copy running-config startup-config

Step 10. (Optional) Press Y for Yes or N for No on your keyboard once the Overwrite file [startup-config].... prompt appears.

You have now learned the steps to configure server authentication on a managed switch through the CLI.

Revision History

Revision Publish Date Comments
1.0
13-Dec-2018
Initial Release

Was this Document Helpful?

FeedbackFeedback

Contact Cisco