Prerequisites for Configuring Secure Shell
![]() Note |
Unless otherwise noted, the term “SSH” denotes “SSH Version 1” only. |
-
For SSH to work, the switch needs an Rivest, Shamir, and Adleman (RSA) public/private key pair. This is the same with Secure Copy Protocol (SCP), which relies on SSH for its secure transport.
-
Download the required image on the device. The Secure Shell (SSH) server requires an IPsec (Data Encryption Standard [DES] or 3DES) encryption software image; the SSH client requires an IPsec (DES or 3DES) encryption software image.)
-
Configure a hostname and host domain for your device by using the hostname and ip domain name commands in global configuration mode.
-
Generate a Rivest, Shamir, and Adleman (RSA) key pair for your device. This key pair automatically enables SSH and remote authentication when the crypto key generate rsa command is entered in global configuration mode.
![]() Note |
To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. Once you delete the RSA key pair, you automatically disable the SSH server. |
-
Configure user authentication for local or remote access. You can configure authentication with or without authentication, authorization, and accounting (AAA).
-
The Secure Shell (SSH) server requires an IPsec (Data Encryption Standard [DES] or 3DES) encryption software image; the SSH client requires an IPsec (DES or 3DES) encryption software image.)