SSH Overall Configuration – Allied Telesis AT-S60 User Manual
Page 534

Chapter 26: Secure Shell (SSH)
Section V: Security Features
SSH Overall Configuration
Configuring the SSH server requires you to perform several procedures. 
The information in this section lists the procedures you need to 
complete to configure the SSH feature, including the server and client 
configuration. Since SSH is a complex feature, you need to perform all 
the steps in the following procedure.
To configure the switch as an SSH server and configure SSH clients, 
perform the following procedure: 
1. Log on to the switch with the Manager login ID.
You can only configure the SSH server when you are logged in as 
Manager. 
2. Create host and server encryption keys.
Two RSA private keys are required to enable the Secure Shell 
server. The first, called the host key, is the switch’s own RSA key. 
The recommended length of this key is 1024 bits. The second key, 
the server key, is a randomly created key, which is re-generated 
after the specified timeout. The server key must be 128 bits 
greater or less than the host key, but the server key should be at 
least 512 bits. For procedures for creating an RSA private key, see 
Configuring Keys for Encryption on page 491.
3. Configure and enable the Secure Shell server.
See Configuring SSH on page 535.
4. Install SSH client software on your PC.
Follow the directions provided with the client software. You can 
download SSH client software from the Internet. Two popular SSH 
clients are PuTTY and CYGWIN.
5. Disable the Telnet server.
Although the software allows the SSH and Telnet servers to be 
enabled simultaneously, allowing Telnet to be enabled negates 
the security of the SSH feature. To disable the Telnet server, see 
Configuring Management Access on page 66.
6. Log on to the SSH server from the SSH client.
Acceptable users are those with a Manager or Operator login as 
well as users configured with the RADIUS and TACACS+ protocols. 
You can add, delete, and modify users with the RADIUS and 
TACACS+ feature. For information about how to configure 
RADIUS and TACACS+, see Enabling TACACS+ or RADIUS on page 
544.
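One way to confirm the outcome of steps 3 and 5 from a management workstation, as an added example that is not part of the Allied Telesis manual: the Python script below checks that the SSH port answers with an SSH identification string and that the Telnet port no longer accepts connections. The default ports 22 and 23, the function names and the script name are assumptions.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Return (reachable, first_line) for a TCP service on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)          # SSH servers send their ID string first
            except OSError:                 # timeout or reset: open, but silent
                data = b""
    except OSError:                         # refused, unreachable or filtered
        return False, ""
    return True, data.split(b"\n", 1)[0].decode("ascii", "replace").strip()

def audit_management_access(host, ssh_port=22, telnet_port=23, timeout=3.0):
    """Check the outcome of steps 3 and 5: SSH answers, Telnet does not."""
    ssh_up, banner = probe(host, ssh_port, timeout)
    telnet_up, _ = probe(host, telnet_port, timeout)
    findings = []
    if not ssh_up:
        findings.append("SSH port not reachable: server not enabled (step 3)?")
    elif not banner.startswith("SSH-"):
        findings.append("SSH port open but no SSH identification string seen")
    if telnet_up:
        findings.append("Telnet port still accepts connections (step 5 not done)")
    return {"ssh_banner": banner, "telnet_open": telnet_up, "findings": findings}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py <switch-management-address>")
    result = audit_management_access(sys.argv[1])
    print("SSH banner :", result["ssh_banner"] or "(none)")
    print("Telnet open:", result["telnet_open"])
    for finding in result["findings"]:
        print("FINDING:", finding)
    sys.exit(1 if result["findings"] else 0)
```

The script exits non-zero when any finding is reported, so it can be run after each configuration change to the switch.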
