beautypg.com

41 configuring secure shell, 1 overview, 2 references – CANOGA PERKINS 9175 Configuration Guide User Manual

Page 260: 3 terminology, 4 configuring the ssh server

background image

CanogaOS Configuration Guide

41-1

41 Configuring Secure Shell

41.1 Overview

The Secure Shell (SSH) is a protocol that provides a secure, remote connection to a
device. SSH provides more security for remote connections than Telnet does by
providing strong encryption when a device is authenticated. SSH supports the Data
Encryption Standard (DES) encryption algorithm, the Triple DES (3DES) encryption
algorithm, and password-based user authentication. The SSH feature has an SSH
server and an SSH integrated client, which are applications that run on the switch. You
can use an SSH client to connect to a switch running the SSH server. The SSH server
works with the SSH client supported in this release and with SSH clients. The SSH client
also works with the SSH server supported in this release and with SSH servers.

41.2 References

The SSH module is based on the following document:
RFC 4716, RFC 4255, RFC 4256

41.3 Terminology

Following is a brief description of terms and concepts used to describe the SSH protocol:
RSA
Rivest, Shamir, and Adelman authentication.

DES
Data Encryption Standard.

3DES
Triple Data Encryption Standard.

41.4 Configuring the SSH Server

Beginning in privileged EXEC mode, follow these steps to configure the SSH server:

DUT#configure terminal

Enter the Configure mode.

DUT(config)#ip ssh server enable

Enable SSH server globally

DUT(config)#ip ssh server version all

(Optional) Configure the switch to run SSH Version 1
or SSH Version 2 or both.

• 1—Configure the switch to run SSH Version 1.
• 2—Configure the switch to run SSH Version 2.
• all—Configure the switch to run SSH Version 1 and
Version 2.

DUT(config)#ip ssh server authentication-timeout 100

Configure the SSH control parameters:

• Specify the time-out value in seconds; the default is
120 seconds. The range is 0 to 120 seconds. This
parameter applies to the SSH negotiation phase.

DUT(config)#ip ssh server authentication-retries 3

Configure the SSH control parameters: