Configuring ssh features on the switch, Ssh encryption of management messages, Generating rsa host and server keys for ssh access – Juniper Networks EX2500 User Manual

EX2500 Ethernet Switch Configuration Guide

Securing Access to the Switch

The EX2500 implementation of SSH supports versions 1.0 and 2.0 and SSH client
versions 1.5 through 2.x.

Configuring SSH Features on the Switch

SSH is disabled by default. Before you can use SSH commands on the switch, turn
on SSH as follows:

ex2500(config)# ssh enable

SSH Encryption of Management Messages

The following encryption and authentication methods are supported for SSH:

• Server host authentication: the client uses RSA to authenticate the switch at the
  beginning of every connection.

• Key exchange: RSA.

• Encryption: 3DES-CBC and DES.

• User authentication: local password authentication.

Generating RSA Host and Server Keys for SSH Access

To support the SSH server feature, two sets of RSA keys (host and server keys) are
required. The host key is 1024 bits and is used to identify the EX2500 switch. The
server key is 768 bits and is used so that a captured session cannot be deciphered
by someone who breaks into the EX2500 switch at a later time.
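An added audit helper, not code from the EX2500 manual or from Juniper: it checks a server's advertised SSH settings against the inventory this section documents (SSH 1.x support, DES and 3DES-CBC, a 1024-bit host key, a 768-bit server key) and reports what a current policy would flag. The banner string, the cipher list and the 2048-bit minimum are assumptions made for the example.

```python
import re

# Algorithm inventory taken from the EX2500 manual text above; the thresholds
# (no SSH 1.x, no DES/3DES-CBC, RSA keys of at least 2048 bits) are this
# example's assumed audit policy, not something the manual states.
WEAK_CIPHERS = {"des", "des-cbc", "3des-cbc"}
MIN_RSA_BITS = 2048


def parse_banner(banner: str):
    """Split an SSH identification string ('SSH-protoversion-softwareversion')
    into its protocol-version and software-version fields."""
    m = re.match(r"^SSH-(\d+\.\d+)-(\S+)", banner.strip())
    if not m:
        raise ValueError(f"not an SSH identification string: {banner!r}")
    return m.group(1), m.group(2)


def accepts_protocol_1(protoversion: str) -> bool:
    """'1.99' is the compatibility marker a server sends when it accepts both
    1.x and 2.0 clients; any version starting with '1.' admits SSH-1."""
    return protoversion.startswith("1.")


def audit_ssh_server(banner: str, ciphers, host_key_bits: int,
                     server_key_bits=None) -> list:
    """Return a list of findings for a server's advertised SSH settings."""
    findings = []
    proto, _software = parse_banner(banner)
    if accepts_protocol_1(proto):
        findings.append(f"protocol 1.x accepted (banner version {proto})")
    for name in ciphers:
        if name.lower() in WEAK_CIPHERS:
            findings.append(f"weak cipher offered: {name}")
    if host_key_bits < MIN_RSA_BITS:
        findings.append(f"host key is {host_key_bits} bits (< {MIN_RSA_BITS})")
    if server_key_bits is not None and server_key_bits < MIN_RSA_BITS:
        findings.append(f"server key is {server_key_bits} bits (< {MIN_RSA_BITS})")
    return findings


# Constructed sample using the values the manual documents for the EX2500.
# The software-version field 'EX2500' is a placeholder, not the real banner.
EX2500_SAMPLE = dict(banner="SSH-1.99-EX2500",
                     ciphers=["3des-cbc", "des-cbc"],
                     host_key_bits=1024, server_key_bits=768)

if __name__ == "__main__":
    for line in audit_ssh_server(**EX2500_SAMPLE):
        print("FINDING:", line)
```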

When the SSH server is first enabled and applied, the switch automatically
generates the RSA host and server keys and stores them in Flash memory. To
generate the RSA host and server keys manually, enter the following commands:

ex2500(config)# ssh generate-host-key
ex2500(config)# ssh generate-server-key

When the switch reboots, it retrieves the host and server keys from Flash
memory. If these two keys are not available in Flash memory and the SSH server
feature is enabled, the switch automatically generates them during the system
reboot. This process might take several minutes to complete.

The switch can automatically regenerate the RSA server key. To set the interval of
RSA server key autogeneration, use the following command:

ex2500(config)# ssh interval <number of hours (0-24)>
