
SSH Overall Configuration – Allied Telesis AT-S60 User Manual


AT-S60 Management Software User’s Guide

Section III: Security Features


SSH Overall Configuration

Configuring the SSH server requires you to perform several procedures.
The information in this section lists the procedures you need to
complete to configure the SSH feature, including the server and client
configuration. Since SSH is a complex feature, you need to perform all
the steps in the following procedure.

To configure the switch as an SSH server and configure SSH clients,
perform the following procedure:

1. Log on to the switch with the Manager login id.

You can only configure the SSH server when you are logged in as
Manager.

2. Create the host and server encryption keys.

Two RSA private keys are required to enable the Secure Shell
server. The first, called the host key, is the switch’s own RSA key.
The recommended length of this key is 1024 bits. The second key,
the server key, is a randomly created key, which is re-generated
after the specified timeout. The server key must be 128 bits
greater or less than the host key, and it should be at least
512 bits. For the procedure to create an RSA private key, see
Configuring Keys for Encryption on page 347.

3. Configure and enable the Secure Shell server.

See Configuring SSH on page 390.

4. Install SSH client software on your PC.

Follow the directions provided with the client software. You can
download SSH client software from the Internet. Two popular SSH
clients are PuTTY and CYGWIN.

5. Disable the Telnet server.

Although the software allows the SSH and Telnet servers to be
enabled simultaneously, leaving Telnet enabled negates
the security of the SSH feature. To disable the Telnet server, see
Configuring Management Access on page 59.

6. Log on to the SSH server from the SSH client.

Acceptable users are those with a Manager or Operator login as
well as users configured with the RADIUS and TACACS+ protocols.
You can add, delete, and modify users with the RADIUS and
TACACS+ feature. For information about how to configure
RADIUS and TACACS+, see Enabling TACACS+ or RADIUS on
page 399.
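
A check to run from the management PC once the procedure is complete, added here as an example and not taken from the Allied Telesis manual: it confirms that the switch answers with an SSH identification string on the SSH port and that the Telnet port no longer accepts connections. The default ports 22 and 23, the function names and the address 192.0.2.10 are assumptions.

```python
import socket


def tcp_reply(host, port, timeout=3.0):
    """Return None if the TCP connect fails, else the first bytes the service sends."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(255)
            except OSError:          # connected, but silent or reset
                return b""
    except OSError:                  # refused, filtered or timed out
        return None


def assess(ssh_reply, telnet_reply):
    """Turn the two probe results into findings; an empty list means pass."""
    findings = []
    if ssh_reply is None:
        findings.append("SSH port unreachable: SSH server not enabled (step 3)")
    elif not ssh_reply.startswith(b"SSH-"):
        findings.append("SSH port open but no SSH identification string received")
    if telnet_reply is not None:
        findings.append("Telnet port accepts connections: Telnet server still enabled (step 5)")
    return findings


def audit_switch(host, ssh_port=22, telnet_port=23, timeout=3.0):
    """Probe both management ports (assumed defaults 22 and 23) and assess them."""
    return assess(tcp_reply(host, ssh_port, timeout),
                  tcp_reply(host, telnet_port, timeout))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder address
    problems = audit_switch(target)
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

A non-zero exit status means at least one step of the procedure is incomplete, which makes the script usable in a scheduled configuration check.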