Limitations, Configuring ssh, Configuration guidelines – Dell POWEREDGE M1000E User Manual

Page 243

Advertising
background image

8-39

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 8 Configuring Switch-Based Authentication

Configuring the Switch for Secure Shell

Note

This software release does not support IP Security (IPSec).

Limitations

These limitations apply to SSH:

The switch supports Rivest, Shamir, and Adelman (RSA) authentication.

SSH supports only the execution-shell application.

The SSH server and the SSH client are supported only on DES (56-bit) and 3DES (168-bit) data
encryption software.

The switch does not support the Advanced Encryption Standard (AES) symmetric encryption
algorithm.

Configuring SSH

This section has this configuration information:

Configuration Guidelines, page 8-39

Setting Up the Switch to Run SSH, page 8-40

(required)

Configuring the SSH Server, page 8-41

(required only if you are configuring the switch as an SSH

server)

Configuration Guidelines

Follow these guidelines when configuring the switch as an SSH server or SSH client:

An RSA key pair generated by a SSHv1 server can be used by an SSHv2 server, and the reverse.

If the SSH server is running on a stack master and the stack master fails, the new stack master uses
the RSA key pair generated by the previous stack master.

If you get CLI error messages after entering the crypto key generate rsa global configuration
command, an RSA key pair has not been generated. Reconfigure the hostname and domain, and then
enter the crypto key generate rsa command. For more information, see the

“Setting Up the Switch

to Run SSH” section on page 8-40

.

When generating the RSA key pair, the message

No host name specified

might appear. If it does,

you must configure a hostname by using the hostname global configuration command.

When generating the RSA key pair, the message

No domain specified

might appear. If it does, you

must configure an IP domain name by using the ip domain-name global configuration command.

When configuring the local authentication and authorization authentication method, make sure that
AAA is disabled on the console.

Advertising
Popular Brands
Popular manuals