Ssh configuration guidelines, General steps for configuring ssh – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Menus Interface User’s Guide

Section VIII: Management Security

819

SSH

Configuration

Guidelines

Below are the guidelines to observe when you configure SSH:

ˆ

SSH requires two encryption key pairs. One key pair will function as
the host key and the other the server key. For instructions on creating
keys, refer to “Creating an Encryption Key” on page 767.

ˆ

The two encryption key pairs must be of different lengths of at least
one increment (256 bits) apart. The recommended bit size for a server
key is 768 bits. The recommended size for the host key is 1024 bits.

ˆ

You activate and configure SSH on the master switch of an enhanced
stack, not on slave switches.

ˆ

The AT-S63 software uses well-known port 22 as the SSH default port.

General Steps for

Configuring SSH

Configuring the SSH server involves several procedures. This section lists
the procedures you need to complete to configure the SSH feature.

1. Create two encryption key pairs on the master switch of the enhanced

switch. One pair will function as the host key and the other the server
key.

2. Configure and activate the Secure Shell server on the switch by

specifying the two encryption keys in the server software.

For instructions, see “Configuring SSH” on page 820.

3. Install SSH client software on your management station.

Follow the directions provided with the client software. You can
download SSH client software from the Internet. Two popular SSH
clients are PuTTY and CYGWIN.

4. Disable the Telnet server.

Although the switch allows the SSH and Telnet servers to be enabled
simultaneously, allowing Telnet to be enabled negates the security of
the SSH feature. To disable the Telnet server, see “Configuring the
Telnet Server” on page 73.

5. Log in to the switch from your SSH management station.