
Creating a secure shell server – Allied Telesis AT-S60 User Manual


AT-S60 Command Line User’s Guide


Creating a Secure Shell Server

This section provides a procedure to configure the switch as a secure
shell server. It is followed by an example.

Configuring the SSH server requires you to perform several procedures.
The information in this section lists the commands you need to enter to
configure the SSH feature. Since SSH is a complex feature, you need to
perform all the steps in the following procedure.

For detailed information about the AT-S60 security features, see
Section III: Security Features in the AT-S60 Software Management
User’s Guide.

To configure the switch as an SSH server and configure SSH clients,
perform the following procedure:

1. Create encryption keys for the SSH host and server. See CREATE
ENCO KEY on page 243.

Two RSA private keys are required to enable the Secure Shell
server. The first, called the host key, is the switch’s own RSA key.
The recommended length of the host key is 1024 bits. The second
key, the server key, is a randomly created key, which is regenerated
after the specified timeout. The recommended size for
the server key is 768 bits. The server key must be 128 bits greater
or less than the host key, but the server key should be at least 512
bits.

2. Disable the Telnet access to the switch with the DISABLE TELNET
command. See DISABLE TELNET on page 30.

Although the software allows the SSH and Telnet servers to be
enabled simultaneously, leaving Telnet enabled negates
the security of the SSH feature.

3. Configure and enable the Secure Shell server.

This command allows you to associate the server and host keys with
the server. See ENABLE SSH SERVER on page 269.

4. Install SSH client software on your PC.

Follow the directions provided with the client software. You can
download SSH client software from the Internet. Two popular SSH
clients are PuTTY and CYGWIN.

5. Log on to the SSH server from the SSH client.

Acceptable users are those with a Manager or Operator login as
well as users configured with the RADIUS and TACACS+ protocols.
You can add, delete, and modify users with the RADIUS and