Users Guide
Specifying an SSH Version
The following example shows using the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh
command to conrm the setting.
ell(conf)#ip ssh server version 2
Dell(conf)#do show ip ssh
SSH server : enabled.
SSH server version : v1 and v2.
SSH server vrf : default.
SSH server ciphers : aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,
3des-cbc.
SSH server macs : hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96.
SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellman-group1-
sha1,diffie-hellman-group14-sha1.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
Vty Encryption HMAC Remote IP
Dell(conf)#
To disable SSH server functions, use the no ip ssh server enable command.
Using SCP with SSH to Copy a Software Image
To use secure copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following commands.
1 On Switch 1, set the SSH port number (port 22 by default).
CONFIGURATION mode
ip ssh server port number
2 On Switch 1, enable SSH.
CONFIGURATION mode
ip ssh server enable
3 On Switch 2, invoke SCP.
CONFIGURATION mode
copy scp: flash:
4 On Switch 2, in response to prompts, enter the path to the desired le and enter the port number specied in Step 1.
EXEC Privilege mode
Example of Using SCP to Copy from an SSH Server on Another Switch
Other SSH-related commands include:
• crypto key generate: generate keys for the SSH server.
• debug ip ssh: enables collecting SSH debug information.
• ip scp topdir: identify a location for les used in secure copy transfer.
• ip ssh authentication-retries: congure the maximum number of attempts that should be used to authenticate a user.
• ip ssh connection-rate-limit: congure the maximum number of incoming SSH connections per minute.
• ip ssh hostbased-authentication enable: enable host-based authentication for the SSHv2 server.
• ip ssh key-size: congure the size of the server-generated RSA SSHv1 key.
• ip ssh password-authentication enable: enable password authentication for the SSH server.
• ip ssh pub-key-file: specify the le the host-based authentication uses.
• ip ssh rhostsfile: specify the rhost le the host-based authorization uses.
• ip ssh rsa-authentication enable: enable RSA authentication for the SSHv2 server.
Security
895