Section 11-7. SSH Telnet Configuration

  • Telnet connections to the switch take place over TCP port 23 and are transmitted in plain text.

  • If someone with a network analyzer captures packets going to a server, he can see the data transmitted in plain text, including the passwords.

  • Secure Shell (SSH) is a method of communicating through Telnet that encrypts packets before they are transmitted between devices.

  • SSH runs on TCP port 22 between an SSH-compatible client and a device configured to accept SSH connections.

  • Cisco switches support SSH version 1 only.

  • To implement SSH on your switch, the switch must be running crypto-capable code (a software image that includes the cryptographic features).

  • By default, SSH is disabled on the switch and must be enabled before clients can connect.

Configuration

To provide secure Telnet communications between the switch and an SSH Telnet client, you must configure the switch to allow SSH connectivity. The following commands outline the configuration steps to activate SSH.

1. Set the Crypto key:

COS
    set crypto key rsa number

IOS
    (global) crypto key generate rsa


Before you can configure SSH, you must have the switch generate an RSA key for encrypting the data. The crypto key rsa command generates that key. For COS switches, the number option specifies the modulus length; for IOS, you are prompted for the modulus length. The greater the length, the stronger the encryption. The recommended modulus is 1024 or greater.

2. Specify the devices allowed to SSH:

COS
    set ip permit address mask ssh

IOS
    N/A


For the COS switches, SSH is enabled using IP permit lists. To enable the process, you must first specify who will be allowed to Telnet to the switch using SSH. If you don't want to specify any particular address or range of addresses using this command, enter any address with a mask of 0.0.0.0 to allow anyone to use the SSH process.

3. Enable the SSH permit list:

COS
    set ip permit enable ssh

IOS
    (global) ip ssh


To actually enable the SSH process, use the command set ip permit enable ssh for a COS switch. This command allows the IP addresses specified in Step 2 to attach to the SSH Telnet process. For an IOS switch, turn on SSH with the global command ip ssh.

Verification

To verify configuration of SSH, use the following commands:

COS
    show ip permit

IOS
    show ip ssh


Feature Example

This example shows the configuration that allows any device to access the switch using SSH. The RSA modulus for the switch will be set to 1024.

An example of the Catalyst OS configuration follows:

    Catalyst (enable)>set crypto key rsa 1024
    Catalyst (enable)>set ip permit 0.0.0.0 0.0.0.0 ssh
    Catalyst (enable)>set ip permit enable ssh

An example of the Supervisor IOS configuration follows:

    Switch(config)#crypto key generate rsa
    Enter modulus:1024
    Switch(config)#ip ssh
    Switch(config)#end
    Switch#copy running-config startup-config
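The following is an added audit script, not part of the original book text, that checks a CatOS configuration against the three steps above: it confirms an RSA key of at least the recommended modulus, a permit entry, and the enable command, and it flags the 0.0.0.0 mask from the Feature Example, which lets any host reach the SSH process. The sample configurations are constructed for this example; the 10.1.1.0/24 management subnet is an assumption.

```python
import re

# Constructed sample CatOS configurations (not captured from a real switch).
# The first mirrors the Feature Example above, which permits any source;
# the second restricts SSH to an assumed management subnet.
OPEN_CONFIG = """\
set crypto key rsa 1024
set ip permit 0.0.0.0 0.0.0.0 ssh
set ip permit enable ssh
"""

RESTRICTED_CONFIG = """\
set crypto key rsa 2048
set ip permit 10.1.1.0 255.255.255.0 ssh
set ip permit enable ssh
"""

def audit_cos_ssh(config: str, min_modulus: int = 1024) -> list[str]:
    """Check a CatOS SSH configuration against the section's three steps.

    Returns a list of findings; an empty list means every step is present,
    the modulus meets the recommendation, and the permit list is not wide open.
    """
    modulus = None      # from 'set crypto key rsa <number>'  (step 1)
    permits = []        # (address, mask) from 'set ip permit ... ssh' (step 2)
    enabled = False     # 'set ip permit enable ssh' seen              (step 3)
    for raw in config.splitlines():
        line = " ".join(raw.split())   # normalise whitespace
        m = re.fullmatch(r"set crypto key rsa (\d+)", line)
        if m:
            modulus = int(m.group(1))
        elif line == "set ip permit enable ssh":
            enabled = True
        else:
            m = re.fullmatch(r"set ip permit (\S+) (\S+) ssh", line)
            if m:
                permits.append((m.group(1), m.group(2)))

    findings = []
    if modulus is None:
        findings.append("step 1 missing: no RSA key, SSH cannot start")
    elif modulus < min_modulus:
        findings.append(f"RSA modulus {modulus} is below the recommended {min_modulus}")
    if not permits:
        findings.append("step 2 missing: no 'set ip permit ... ssh' entries")
    for addr, mask in permits:
        if mask == "0.0.0.0":   # a 0.0.0.0 mask matches every source address
            findings.append(f"permit {addr} {mask} lets any host reach SSH")
    if not enabled:
        findings.append("step 3 missing: 'set ip permit enable ssh' not set")
    return findings

if __name__ == "__main__":
    for name, cfg in (("open", OPEN_CONFIG), ("restricted", RESTRICTED_CONFIG)):
        print(name, audit_cos_ssh(cfg) or ["OK"])
```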



Cisco Field Manual. Catalyst Switch Configuration
ISBN: 1587050439
Year: 2001
Pages: 150