Quick Reference Guide

914 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Configuring SSH2
27
Recreating SSH keys
You must recreate SSH keys after any one of the following events:
• After upgrading from a software release that supports SSH1 to a software release that
supports SSH2.
• After downgrading from a software release that supports SSH2 to a software release that
supports SSH1.
To recreate SSH keys, enter the following command.
PowerConnect(config)# crypto key generate
Syntax: crypto key generate
Generating a host key pair
When SSH is configured, a public and private host DSA key pair is generated for the device. The
SSH server on the device uses this host DSA key pair, along with a dynamically generated server
DSA key pair, to negotiate a session key and encryption method with the client trying to connect to
it.
The host DSA key pair is stored in the system-config file of the device. Only the public key is
readable. The public key should be added to a “known hosts” file (for example,
$HOME/.ssh/known_hosts on UNIX systems) on the clients who want to access the device. Some
SSH client programs add the public key to the known hosts file automatically; in other cases, you
must manually create a known hosts file and place the public key of the device in it.
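As an added example (not part of the original guide), the following Python validates a device's DSA public key before it is placed in a client's known hosts file, derives the SHA256 fingerprint to compare out-of-band, and finds entries left stale once crypto key generate has replaced the host key. It assumes the public key is available in OpenSSH's one-line "ssh-dss <base64>" form and that the known hosts file uses plain, unhashed host names; the host name and key values are constructed.

```python
import base64, hashlib, struct

def _string(data: bytes) -> bytes:
    """RFC 4251 string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _mpint(n: int) -> bytes:
    """RFC 4251 mpint for a positive integer (0x00 prefix if the top bit is set)."""
    return _string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def parse_dss_blob(blob: bytes):
    """Return [p, q, g, y] from an ssh-dss public key blob, or raise ValueError."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        if off + 4 + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    if len(fields) != 5 or fields[0] != b"ssh-dss":
        raise ValueError("not an ssh-dss public key blob")
    return [int.from_bytes(f, "big") for f in fields[1:]]

def known_hosts_entry(host: str, pubkey_line: str):
    """Validate '<type> <base64>' and return (known_hosts line, SHA256 fingerprint)."""
    key_type, b64 = pubkey_line.split()[:2]
    if key_type != "ssh-dss":
        raise ValueError("expected a DSA host key, got " + key_type)
    blob = base64.b64decode(b64, validate=True)
    parse_dss_blob(blob)  # rejects a blob whose embedded type or layout is wrong
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return f"{host} {key_type} {b64}", "SHA256:" + fp

def stale_entries(known_hosts_text: str, host: str, pubkey_line: str):
    """Entries for host whose stored key no longer matches the device's key."""
    current = pubkey_line.split()[:2]
    return [ln for ln in known_hosts_text.splitlines()
            if ln.split()[:1] == [host] and ln.split()[1:3] != current]

# Constructed sample values: toy integers, NOT a real DSA key.
def _sample_line(y: int) -> str:
    blob = _string(b"ssh-dss") + b"".join(map(_mpint, (0xC5, 0x0B, 0x04, y)))
    return "ssh-dss " + base64.b64encode(blob).decode()
OLD_LINE, NEW_LINE = _sample_line(0x2A), _sample_line(0x61)

if __name__ == "__main__":
    print(known_hosts_entry("switch1.example.net", NEW_LINE)[1])  # constructed host name
```

OpenSSH has disabled ssh-dss host keys by default since release 7.0, so a client must still support and explicitly allow that algorithm for such an entry to be used.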
While the SSH listener exists at all times, sessions cannot be started from clients until a key is
generated. Once a key is generated, clients can start sessions. The keys are not displayed in
the configuration file by default. To display the keys, use the ssh show-host-keys command in
Privileged EXEC mode.
To generate a public and private DSA host key pair on a device, enter the following command.
PowerConnect(config)# crypto key generate
When a host key pair is generated, it is saved to the flash memory of all management modules.
To disable SSH2 on a device, enter the following command.
PowerConnect(config)# crypto key zeroize
When SSH is disabled, the host key pair is deleted from the flash memory of all management modules.
Syntax: crypto key generate | zeroize
The generate keyword places a DSA host key pair in the flash memory and enables SSH on the
device.
The zeroize keyword deletes the DSA host key pair from the flash memory and disables SSH on the
device.
By default, public keys are hidden in the running configuration. You can optionally configure the
device to display the DSA host key pair in the running configuration file by entering the following
command.
PowerConnect# ssh show-host-keys
Syntax: ssh show-host-keys