Administrator Guide
Security Commands 1082
console(config)#ip ssh server
The following example configures the switch to allow administrative access
without a password for users with correctly configured SSH clients. This
example shows how to generate a public/private key pair on linux, configure
linux SSH and configure the switch to authenticate SSH connections.
Log in to your linux account and generate the RSA key pair. DSA keys are
considered weak.
ssh-keygen -t rsa
In the ~/.ssh subdirectory in your Linux account, create an SSH config file
"ssh_config" with the following contents:
User admin
PubkeyAuthentication yes
IdentityFile /home/jmclendo/.ssh/id_rsa
Substitute the name of the switch administrator for the User "admin"
parameter above and set the correct path to your account for the IdentityFile
parameter.
On the switch, generate the encryption keys, create the admin user, and
configure the SSH server and the authentication key as shown below, making
the appropriate substitutions for username:
console(config)#crypto key generate rsa
Do you want to overwrite the existing RSA keys? (y/n):y
RSA key generation started, this may take a few minutes...
RSA key generation complete.
console(config)#crypto key generate dsa
Do you want to overwrite the existing DSA keys? (y/n):y
DSA key generation started, this may take a few minutes...
DSA key generation complete.
console(config)#username "admin" password 5f4dcc3b5aa765d61d8327deb882cf99
privilege 15 encrypted
console(config)#ip ssh server
console(config)#ip ssh pubkey-auth
2CSNXXX_SWUM204.book Page 1082 Monday, January 25, 2016 1:25 PM