Administrator Guide

Specifying an SSH Version
The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to
conrm the setting.
Dell(conf)#ip ssh server version 2
Dell(conf)#do show ip ssh
SSH server : enabled.
SSH server version : v2.
SSH server vrf : default.
SSH server ciphers : 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-
ctr,aes256-ctr.
SSH server macs : hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-
sha2-256-96.
SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellman-group1-
sha1,diffie-hellman-group14-sha1.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
Vty Encryption HMAC Remote IP
Dell(conf)#
To disable SSH server functions, use the no ip ssh server enable command.
Using SCP with SSH to Copy a Software Image
To use secure copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following commands.
1 On Switch 1, set the SSH port number ( port 22 by default).
CONFIGURATION MODE
ip ssh server port number
2 On Switch 1, enable SSH.
CONFIGURATION MODE
copy ssh server enable
3 On Switch 2, invoke SCP.
CONFIGURATION MODE
copy scp: flash:
4 On Switch 2, in response to prompts, enter the path to the desired le and enter the port number specied in Step 1.
EXEC Privilege Mode
5 On the chassis, invoke SCP.
CONFIGURATION mode
copy scp: flash:
Example of Using SCP to Copy from an SSH Server on Another Switch
The following example shows the use of SCP and SSH to copy a software image from one switch running SSH server on UDP port 99 to
the local switch.
Other SSH related command include:
crypto key generate : generate keys for the SSH server.
debug ip ssh : enables collecting SSH debug information.
ip scp topdir : identify a location for les used in secure copy transfer.
ip ssh authentication-retries : congure the maximum number of attempts that should be used to authenticate a user.
ip ssh connection-rate-limit : congure the maximum number of incoming SSH connections per minute.
716
Security