Enabling ssh2 for inbound switch access – Extreme Networks Px Series User Manual

Px Series Application Switch Installation and Configuration Guide

The ExtremeWare SSH2 switch application also works with SSH2 client and server
(version 2.x or later) from SSH Communication Security, and the free SSH2 and SCP2
implementation (version 2.5 or later) from OpenSSH. The SFTP file transfer protocol is
required for file transfer using SCP2.

Enabling SSH2 for Inbound Switch Access

Because SSH2 is currently under U.S. export restrictions, you must first obtain a
security-enabled version of the ExtremeWare software from Extreme Networks before
you can enable SSH2. The procedure for obtaining a security-enabled version of the
ExtremeWare software is described in the ExtremeWare Software User Guide.

You must enable SSH2 on the switch before you can connect to it using an external
SSH2 client. Enabling SSH2 involves two steps:

1. Enabling SSH2 access, which may include specifying a list of clients that can access
   the switch, and specifying a TCP port to be used for communication. By default, if
   you have a security license, SSH2 is enabled using TCP port 22, with no restrictions
   on client access.

2. Generating or specifying an authentication key for the SSH2 session.

To enable SSH2, use the following command:

enable ssh2 {access-profile [<access_profile> | none] {port <tcp_port_number>}}

You can specify a list of predefined clients that are allowed SSH2 access to the switch.
To do this, you must create an access profile that contains a list of allowed IP addresses.
For more information on creating access profiles, refer to the ExtremeWare Software User
Guide.

You can also specify a TCP port number to be used for SSH2 communication. By default,
the TCP port number is 22. The supported cipher is 3DES-CBC. The supported key
exchange is DSA.

An authentication key must be generated before the switch can accept incoming SSH2
sessions. This can be done automatically by the switch, or you can enter a previously
generated key. To have the key generated by the switch, use the following command:

config ssh2 key
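The cipher and key type stated above determine what an SSH2 client has to negotiate with the switch. As an added example (not from the Extreme Networks manual), this Python code parses an SSH_MSG_KEXINIT payload as laid out in RFC 4253 section 7.1 and reports when a server offers only 3DES-CBC and DSA. The sample payload is constructed, and its key-exchange, MAC and compression names are assumptions, because the manual does not list them.

```python
SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, out = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")  # uint32 length prefix
        if pos + 4 + n > len(payload):  # also catches a cut-off length field
            raise ValueError(f"name-list {field} overruns payload")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += 4 + n
    return out

def audit(offer: dict) -> list:
    """Report an offer limited to what the manual lists: 3DES-CBC and DSA."""
    findings = []
    if offer["host_key"] and set(offer["host_key"]) <= {"ssh-dss"}:
        findings.append("host key: only ssh-dss (DSA) offered")
    for direction in ("enc_c2s", "enc_s2c"):
        if offer[direction] and set(offer[direction]) <= {"3des-cbc"}:
            findings.append(f"{direction}: only 3des-cbc offered")
    return findings

def build_kexinit(lists: dict) -> bytes:
    """Build a sample payload (zero cookie, first_kex_packet_follows = false)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        body += len(names).to_bytes(4, "big") + names
    return body + b"\x00" + (0).to_bytes(4, "big")

# Constructed sample modelled on the manual's statement, not a capture from a switch.
SAMPLE = build_kexinit({
    "kex": ["diffie-hellman-group1-sha1"], "host_key": ["ssh-dss"],  # kex name assumed
    "enc_c2s": ["3des-cbc"], "enc_s2c": ["3des-cbc"],
    "mac_c2s": ["hmac-sha1"], "mac_s2c": ["hmac-sha1"],              # MAC names assumed
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})

if __name__ == "__main__":
    print("\n".join(audit(parse_kexinit(SAMPLE))))
```

A client whose default algorithm lists contain neither name will fail negotiation against such an offer, so the findings also indicate which legacy algorithms would have to be enabled on the management host.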
