Manualshelf

Handbook

ManualsBrandsNEC ManualsBlade ServersNEC N8406-026 10Gb L3 Switch
21222324252627282930
Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 29
Generating RSA host and server keys for SSH access
To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is
1024 bits and is used to identify the switch. The server key is 768 bits and is used to make it impossible to
decipher a captured session by breaking into the switch at a later time.
When the SSH server is first enabled and applied, the switch automatically generates the RSA host and
server keys and is stored in the flash memory.
To configure RSA host and server keys, first connect to the switch console connection, and enter the
following commands to generate them manually:
>> # /cfg/sys/sshd/hkeygen (Generates the host key)
>> # /cfg/sys/sshd/skeygen (Generates the server key)
These two commands take effect immediately without the need of an apply command.
When the switch reboots, it will retrieve the host and server keys from the flash memory. If these two keys
are not available in the flash memory and if the SSH server feature is enabled, the switch automatically
generates them during the system reboot. This process may take several minutes to complete.
The switch can also automatically regenerate the RSA server key. To set the interval of RSA server key
autogeneration, use the following command:
>> # /cfg/sys/sshd/intrval <number of hours (0-24)>
A value of 0 denotes that RSA server key autogeneration is disabled. When greater than 0, the switch will
auto generate the RSA server key every specified interval; however, RSA server key generation is skipped
if the switch is busy doing other key or cipher generation when the timer expires.
The switch will perform only one session of key/cipher generation at a time. Thus, an SSH/SCP client will
not be able to log in if the switch is performing key generation at that time, or if another client has logged
in immediately prior. Also, key generation will fail if an SSH/SCP client is logging in at that time.
SSH/SCP integration with RADIUS and TACACS+ authentication
SSH/SCP is integrated with RADIUS and TACACS+ authentication. After the RADIUS or TACACS+ server is
enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified
RADIUS or TACACS+ servers for authentication. The redirection is transparent to the SSH clients.