Gigabit Ethernet Switch Management Guide
C
OMMAND
 L
INE
 I
NTERFACE
4-48
d. The client uses its private key to decrypt the bytes, and sends the 
decrypted bytes back to the switch. 
e. The switch compares the decrypted bytes to the original bytes it sent. 
If the two sets match, this means that the client's private key 
corresponds to an authorized public key, and the client is 
authenticated. 
Note: To use SSH with only password authentication, the host public key 
must still be given to the client, either during initial connection or 
manually entered into the known host file. However, you do not 
need to configure the client’s keys.
ip ssh server
This command enables the Secure Shell (SSH) server on this switch. Use 
the no form to disable this service.
Syntax 
[no] ip ssh server
Default Setting 
Disabled
Command Mode 
Global Configuration
Command Usage 
• The SSH server supports up to four client sessions. The maximum 
number of client sessions includes both current Telnet sessions and 
SSH sessions.
• The SSH server uses DSA or RSA for key exchange when the client 
first establishes a connection with the switch, and then negotiates with 
the client to select either DES (56-bit) or 3DES (168-bit) for data 
encryption.
• You must generate the host key before enabling the SSH server.










