Allied Telesis AT-S63 User Manual

Page 408


Chapter 31: Secure Shell (SSH) Commands


Note

Before you enable SSH, disable the Telnet management session.
Otherwise, the security provided by SSH is not active. See “DISABLE
TELNET” on page 37.

Example

The following command activates the Secure Shell server and specifies
encryption key pair 0 as the host key and key pair 1 as the server key:

enable ssh server hostkey=0 serverkey=1

General Configuration Steps for SSH Operation

Configuring the SSH server involves several commands. The information
in this section lists the functions and commands you need to perform to
configure the SSH feature.

10. Create two encryption key pairs. One pair will function as the SSH host
key and another as the SSH server key. The keys must be of different
lengths of at least one increment (256 bits) apart. The recommended
size for the server key is 768 bits. The recommended size for the server
key is 1024 bits. To create a key pair, see “CREATE ENCO KEY” on
page 378.

11. Disable Telnet access to the switch with the DISABLE TELNET
command. See “DISABLE TELNET” on page 37.

Although the AT-S63 management software allows the SSH and
Telnet servers to be active on the switch simultaneously, allowing
Telnet to remain active negates the security of the SSH feature.

12. Configure and activate SSH on the switch using “ENABLE SSH SERVER”
on page 407.

13. Install SSH client software on your PC.

Follow the directions provided with the client software. You can
download SSH client software from the Internet. Two popular SSH
clients are PuTTY and CYGWIN.

14. Log on to the SSH server from the SSH client.

Acceptable users are those with a Manager or Operator login as
well as users configured with the RADIUS and TACACS+ protocols.
You can add, delete, and modify users with the RADIUS and
TACACS+ feature. For information about how to configure
RADIUS and TACACS+, see “TACACS+ and RADIUS Commands” on
page 413.
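
A check to run from the management workstation after steps 11 and 12, as an added example that is not part of the Allied Telesis manual: it confirms that the Telnet port no longer accepts connections and that the SSH server answers with an identification string. The default ports 22 and 23, the script name and the function names are assumptions.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Return the first line a TCP service sends, '' if it accepts the
    connection but sends nothing, or None if the connection fails."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None  # refused, filtered or unreachable
    with sock:
        try:
            data = sock.recv(256)
        except OSError:  # timeout or reset after connect: the port is still open
            data = b""
    return data.split(b"\n", 1)[0].decode("ascii", "replace").strip()

def parse_ssh_banner(line):
    """Split an 'SSH-protoversion-softwareversion' identification string."""
    parts = line.split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH":
        return None
    return {"proto": parts[1], "software": parts[2].split(" ")[0]}

def audit_management(host, ssh_port=22, telnet_port=23, timeout=3.0):
    """Check that Telnet is closed and SSH answers on a managed switch."""
    findings = []
    if probe(host, telnet_port, timeout) is not None:
        findings.append("telnet-open")  # DISABLE TELNET has not taken effect
    banner = probe(host, ssh_port, timeout)
    ssh = parse_ssh_banner(banner) if banner else None
    if ssh is None:
        findings.append("ssh-not-answering")  # ENABLE SSH SERVER not active
    return {"host": host, "ssh": ssh, "findings": findings}

if __name__ == "__main__":
    # Usage (hypothetical script name): python check_mgmt.py <switch-address>
    result = audit_management(sys.argv[1])
    print(result)
    sys.exit(1 if result["findings"] else 0)
```

An empty findings list means Telnet refused the connection and the SSH server sent its identification string; the exit status is non-zero otherwise, so the check can be scripted across several switches.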
