Prerequisites for Configuring Secure Shell
Note |
Unless otherwise noted, the term “SSH” denotes “SSH Version 1” only. |
-
For SSH to work, the switch needs an Rivest, Shamir, and Adleman (RSA) public/private key pair. This is the same with Secure Copy Protocol (SCP), which relies on SSH for its secure transport.
-
Download the required image on the device. The Secure Shell (SSH) server requires an IPsec (Data Encryption Standard [DES] or 3DES) encryption software image; the SSH client requires an IPsec (DES or 3DES) encryption software image.)
-
Configure a hostname and host domain for your device by using the hostname and ip domain name commands in global configuration mode.
-
Generate a Rivest, Shamir, and Adleman (RSA) key pair for your device. This key pair automatically enables SSH and remote authentication when the crypto key generate rsa command is entered in global configuration mode.
Note |
To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. Once you delete the RSA key pair, you automatically disable the SSH server. |
-
Configure user authentication for local or remote access. You can configure authentication with or without authentication, authorization, and accounting (AAA).
-
The Secure Shell (SSH) server requires an IPsec (Data Encryption Standard [DES] or 3DES) encryption software image; the SSH client requires an IPsec (DES or 3DES) encryption software image.)