Allied Telesis AT-S63 User Manual

Chapter 44: Secure Shell (SSH) Commands

Section IX: Management Security

Note

Before you enable SSH, disable the Telnet management session.
Otherwise, the security provided by SSH is not active. See
“DISABLE TELNET” on page 65.

Example

The following command activates the Secure Shell server and specifies
encryption key pair 0 as the host key and key pair 1 as the server key:

enable ssh server hostkey=0 serverkey=1

General Configuration Steps for SSH Operation

Configuring the SSH server involves several commands. The information
in this section lists the functions and commands you need to perform to
configure the SSH feature.

1. Create two encryption key pairs. One pair will function as the SSH host
key and another as the SSH server key. The keys must be of different
lengths of at least one increment (256 bits) apart. The recommended
size for the server key is 768 bits. The recommended size for the
host key is 1024 bits. To create a key pair, see “CREATE ENCO
KEY” on page 766.

2. Disable Telnet access to the switch or stack with the DISABLE
TELNET command. See “DISABLE TELNET” on page 65.

Although the AT-S63 Management Software allows the SSH and
Telnet servers to be active on the device simultaneously, allowing
Telnet to remain active negates the security of the SSH feature.

3. Configure and activate SSH on the device using “ENABLE SSH
SERVER” on page 795.

4. Install SSH client software on your PC.

Follow the directions provided with the client software. You can
download SSH client software from the Internet. Two popular SSH
clients are PuTTY and CYGWIN.

5. Log on to the SSH server from the SSH client.

Acceptable users are those with a Manager or Operator login as well
as users configured with the RADIUS and TACACS+ protocols.
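
The following check is an added example, not part of the AT-S63 manual or software. Run from a management workstation after steps 1 to 3, it confirms that the planned key lengths are at least 256 bits apart, that Telnet no longer answers, and that port 22 returns an SSH identification string. The address, the default ports 23 and 22, and the function names are assumptions.

```python
import socket

def probe(host, port, timeout=3.0):
    """None if the port refuses or times out; otherwise the first line sent ("" if silent)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with sock:
        try:
            data = sock.recv(256)
        except OSError:  # connected, but nothing readable before the timeout
            return ""
    return data.split(b"\n", 1)[0].decode("ascii", "replace").strip()

def audit(host_bits, server_bits, telnet_banner, ssh_banner):
    """Return a list of findings; an empty list means steps 1-3 check out."""
    findings = []
    # Step 1: the two key pairs must differ by at least one 256-bit increment.
    if abs(host_bits - server_bits) < 256:
        findings.append("host and server key lengths are less than 256 bits apart")
    # Step 2: any accepted connection on 23/tcp means Telnet is still enabled.
    if telnet_banner is not None:
        findings.append("Telnet still accepts connections; run DISABLE TELNET")
    # Step 3: an SSH server opens with an identification line starting "SSH-".
    if ssh_banner is None:
        findings.append("nothing listening on 22/tcp; ENABLE SSH SERVER not in effect")
    elif not ssh_banner.startswith("SSH-"):
        findings.append("22/tcp answered without an SSH identification string")
    return findings

if __name__ == "__main__":
    switch = "192.0.2.10"  # constructed management address (documentation range)
    # Planned lengths for key pair 0 (host) and key pair 1 (server); constructed values.
    results = audit(1024, 768, probe(switch, 23), probe(switch, 22))
    for line in results or ["OK: Telnet closed, SSH answering, key lengths valid"]:
        print(line)
```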
