Reference Guide

ManualsBrandsDell ManualsComputer equipmentNetworking Z9500

671

672

673

674

675

676

677

678

679

680

Dell#copy scp: flash:

Address or name of remote host []: 10.10.10.1

Port number of the server [22]: 99

Source file name []: test.cfg

User name to login remote host: admin

Password to login remote host:

Removing the RSA Host Keys and Zeroizing Storage

Use the crypto key zeroize rsa command to delete the host key pairs, both the public and private key information for

RSA 1 and or RSA 2 types. Note that when FIPS mode is enabled there is no RSA 1 key pair. Any memory currently holding these

keys is zeroized (written over with zeroes) and the NVRAM location where the keys are stored for persistence across reboots is

also zeroized.

To remove the generated RSA host keys and zeroize the key storage location, use the crypto key zeroize rsa

command in CONFIGURATION mode.

Dell(conf)#crypto key zeroize rsa

Configuring When to Re-generate an SSH Key

You can configure the time-based or volume-based rekey threshold for an SSH session. If both threshold types are configured,

the session rekeys when either one of the thresholds is reached.

To configure the time or volume rekey threshold at which to re-generate the SSH key during an SSH session, use the ip ssh

rekey [time rekey-interval] [volume rekey-limit] command. CONFIGURATION mode.

Configure the following parameters:

● rekey-interval: time-based rekey threshold for an SSH session. The range is from 10 to 1440 minutes. The default is 60

minutes.

● rekey-limit: volume-based rekey threshold for an SSH session. The range is from 1 to 4096 to megabytes. The default is

1024 megabytes.

Examples

The following example configures the time-based rekey threshold for an SSH session to 30 minutes.

Dell(conf)#ip ssh rekey time 30

The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes.

Dell(conf)#ip ssh rekey volume 4096

Configuring the SSH Server Cipher List

To configure the cipher list supported by the SSH server, use the ip ssh server ciphers cipher-list command in

CONFIGURATION mode.

cipher-list-: Enter a space-delimited list of ciphers the SSH server will support.

The following ciphers are available.

● 3des-cbc

● aes128-cbc

● aes192-cbc

● aes256-cbc

● aes128-ctr

678

Security