Concept Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

941

942

943

944

945

946

947

948

949

950

4 On Switch 2, in response to prompts, enter the path to the desired le and enter the port number specied in Step 1.

EXEC Privilege mode

Example of Using SCP to Copy from an SSH Server on Another Switch

Other SSH-related commands include:

• crypto key generate: generate keys for the SSH server.

• debug ip ssh: enables collecting SSH debug information.

• ip scp topdir: identify a location for les used in secure copy transfer.

• ip ssh authentication-retries: congure the maximum number of attempts that should be used to authenticate a user.

• ip ssh connection-rate-limit: congure the maximum number of incoming SSH connections per minute.

• ip ssh hostbased-authentication enable: enable host-based authentication for the SSHv2 server.

• ip ssh key-size: congure the size of the server-generated RSA SSHv1 key.

• ip ssh password-authentication enable: enable password authentication for the SSH server.

• ip ssh pub-key-file: specify the le the host-based authentication uses.

• ip ssh rhostsfile: specify the rhost le the host-based authorization uses.

• ip ssh rsa-authentication enable: enable RSA authentication for the SSHv2 server.

• ip ssh rsa-authentication: add keys for the RSA authentication.

• show crypto: display the public part of the SSH host-keys.

• show ip ssh client-pub-keys: display the client public keys used in host-based authentication.

• show ip ssh rsa-authentication: display the authorized-keys for the RSA authentication.

The following example shows the use of SCP and SSH to copy a software image from one switch running SSH server on UDP port 99 to

the local switch.

Dell#copy scp: flash:

Address or name of remote host []: 10.10.10.1

Port number of the server [22]: 99

Source file name []: test.cfg

User name to login remote host: admin

Password to login remote host:

Removing the RSA Host Keys and Zeroizing Storage

Use the crypto key zeroize rsa command to delete the host key pairs, both the public and private key information for RSA 1 and

or RSA 2 types. Note that when FIPS mode is enabled there is no RSA 1 key pair. Any memory currently holding these keys is zeroized

(written over with zeroes) and the NVRAM location where the keys are stored for persistence across reboots is also zeroized.

To remove the generated RSA host keys and zeroize the key storage location, use the crypto key zeroize rsa command in

CONFIGURATION mode.

Dell(conf)#crypto key zeroize rsa

Conguring When to Re-generate an SSH Key

You can congure the time-based or volume-based rekey threshold for an SSH session. If both threshold types are congured, the session

rekeys when either one of the thresholds is reached.

To congure the time or volume rekey threshold at which to re-generate the SSH key during an SSH session, use the ip ssh rekey

[time rekey-interval] [volume rekey-limit] command. CONFIGURATION mode.

Security

943