Generating rsa host and server keys for ssh access, Ssh integration with radius/tacacs+ authentication – Blade ICE G8000 User Manual


RackSwitch G8000 Application Guide

Chapter 1: Accessing the Switch


BMD00041, November 2008

Generating RSA Host and Server Keys for SSH access

To support the SSH server feature, two sets of RSA keys (host and server keys) are required.
The host key is 1024 bits and is used to identify the G8000. The server key is 768 bits and is
used so that a captured session cannot be deciphered by breaking into the G8000 at a later
time.

When the SSH server is first enabled and applied, the switch automatically generates the RSA
host and server keys, which are stored in Flash memory. To generate the RSA host and server
keys manually, use the ssh generate-host-key and ssh generate-server-key commands shown at
the end of this section.

When the switch reboots, it retrieves the host and server keys from Flash memory.
If these two keys are not available in Flash memory and the SSH server feature is enabled, the
switch automatically generates them during the system reboot. This process may take several
minutes to complete.
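Because the switch regenerates its host key whenever the keys are missing from Flash memory, an SSH client that has pinned the old key will see a changed fingerprint after such a reboot. The following is an added example, not code from the Application Guide or from the G8000 firmware: it parses an exported ssh-rsa public-key line in OpenSSH format, confirms the 1024-bit modulus size the guide specifies for the host key, and compares the SHA256 fingerprint against a value pinned at first contact. The sample key, the pinned fingerprint and the function names are all constructed for illustration, not taken from a real switch.

```python
import base64
import hashlib
import struct

def _string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data
def _mpint(value: int) -> bytes:
    # RFC 4251 mpint: big-endian bytes, with an extra leading 0x00 when the high bit is set
    return _string(value.to_bytes((value.bit_length() + 8) // 8, "big"))
def _read_string(blob: bytes, off: int):
    (length,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + length], off + 4 + length
def encode_ssh_rsa(e: int, n: int) -> bytes:
    # wire-format "ssh-rsa" public key blob: string "ssh-rsa", mpint e, mpint n
    return _string(b"ssh-rsa") + _mpint(e) + _mpint(n)
def public_key_line(e: int, n: int, comment: str = "") -> str:
    return f"ssh-rsa {base64.b64encode(encode_ssh_rsa(e, n)).decode()} {comment}".rstrip()

def parse_ssh_rsa(line: str):
    """Parse an OpenSSH public-key line into (e, n, blob); reject malformed input."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    keytype, off = _read_string(blob, 0)
    if keytype != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    e_raw, off = _read_string(blob, off)
    n_raw, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    return int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big"), blob

def fingerprint_sha256(blob: bytes) -> str:
    # OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def check_host_key(line: str, pinned_fp: str, expected_bits: int = 1024) -> list:
    """Empty list means the key is the pinned one and has the expected modulus size."""
    e, n, blob = parse_ssh_rsa(line)
    problems = []
    if n.bit_length() != expected_bits:
        problems.append(f"modulus is {n.bit_length()} bits, expected {expected_bits}")
    if fingerprint_sha256(blob) != pinned_fp:
        problems.append("fingerprint does not match the pinned host key")
    return problems

# Constructed sample, NOT a real G8000 key: e = 65537 and an arbitrary 1024-bit odd modulus.
SAMPLE_N = (1 << 1023) | 0x10001
PINNED_FP = fingerprint_sha256(encode_ssh_rsa(65537, SAMPLE_N))  # value recorded at first contact
SAMPLE_LINE = public_key_line(65537, SAMPLE_N, "g8000-host")
```

A non-empty result from check_host_key after a switch reboot is the signal to confirm out of band that the switch regenerated its keys before accepting the new fingerprint.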

The switch can automatically regenerate the RSA server key. To set the interval of RSA server
key autogeneration, use the ssh interval command shown at the end of this section.

A value of 0 (zero) denotes that RSA server key autogeneration is disabled. When the value is
greater than 0, the switch regenerates the RSA server key at each specified interval; however,
RSA server key generation is skipped if the switch is busy with other key or cipher generation
when the timer expires.

NOTE: The switch will perform only one session of key/cipher generation at a time. Thus, an
SSH client will not be able to log in if the switch is performing key generation at that time, or
if another client has logged in immediately prior. Also, key generation will fail if an SSH client
is logging in at that time.

SSH Integration with RADIUS/TACACS+ Authentication

SSH is integrated with RADIUS authentication. After the RADIUS server is enabled on the
switch, all subsequent SSH authentication requests will be redirected to the specified RADIUS
servers for authentication. The redirection is transparent to the SSH clients.

SSH is integrated with TACACS+ authentication. After the TACACS+ server is enabled on
the switch, all subsequent SSH authentication requests will be redirected to the specified
TACACS+ servers for authentication. The redirection is transparent to the SSH clients.

RS G8000 (config)# ssh generate-host-key
RS G8000 (config)# ssh generate-server-key
RS G8000 (config)# ssh interval <number of hours (0-24)>
