Security: SSH Client
Protection Methods
Cisco 500 Series Stackable Managed Switch Administration Guide 548
24
 
The username/password must then be created on the device. When data is 
transferred from the server to the device, the username/password supplied by the 
device must match the username/password on the server.
Data can be encrypted using a one-time symmetric key negotiated during the 
session.
Each device being managed must be configured with a username/password, although the 
same username/password can be used for multiple switches. 
The password method is the default method on the device. 
Public/Private Keys
To use the public/private key method, create a username and public key on the 
SSH server. The public key is generated on the device, as described below, and 
then copied to the server. The actions of creating a username on the server and 
copying the public key to the server are not described in this guide.
RSA and DSA default key pairs are generated for the device when it is booted. 
One of these keys is used to encrypt the data being downloaded from the SSH 
server. The RSA key is used by default.
If the user deletes one or both of these keys, they are regenerated.
The public/private keys are encrypted and stored in the device memory. The keys 
are part of the device configuration file, and the private key can be displayed to 
the user, in encrypted or plaintext form. 
Since the private key cannot be copied directly from one device to another, an 
import method exists that enables secure copying of private keys from device to 
device (described in Import Keys).
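As an added check that is not part of this guide: the public key copied from the switch to the SSH server should be verified against the key displayed on the device before the first download. The routine below (example code, not Cisco's) parses an OpenSSH-style public key line, checks that the key type named in the text matches the type embedded in the key blob, and compares SHA256 fingerprints; the RSA parameters and comments are constructed sample values.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: uint32 length prefix + bytes."""
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(value: int) -> bytes:
    """Encode a positive integer as an SSH mpint (leading 0x00 if high bit set)."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)

def build_rsa_public_key_line(e: int, n: int, comment: str) -> str:
    """Build an 'ssh-rsa <base64> <comment>' line from RSA public parameters."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def parse_public_key_line(line: str) -> tuple:
    """Return (key type, raw blob); reject lines whose stated type != embedded type."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad base64
    if len(blob) < 4:
        raise ValueError("key blob too short")
    type_len = struct.unpack(">I", blob[:4])[0]
    embedded = blob[4:4 + type_len].decode("ascii", "replace")
    if embedded != key_type:
        raise ValueError(f"type mismatch: line says {key_type!r}, blob says {embedded!r}")
    return key_type, blob

def fingerprint(line: str) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of the blob's SHA-256 digest."""
    _, blob = parse_public_key_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def keys_match(device_key_line: str, server_key_line: str) -> bool:
    """True when the key shown on the switch and the key on the server are the same key.
    The trailing comment is ignored, as it is not part of the key."""
    return fingerprint(device_key_line) == fingerprint(server_key_line)

# Constructed sample key (not a real device key): high bit set exercises mpint padding.
SAMPLE_E = 65537
SAMPLE_N = (1 << 255) + 12345
DEVICE_KEY = build_rsa_public_key_line(SAMPLE_E, SAMPLE_N, "switch-1-sample")
```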
Import Keys
In the public/private key method, individual public/private keys must be created for 
each device, and these private keys cannot be copied directly from one device to 
another because of security considerations. 
If there are multiple switches in the network, the process of creating public/private 
keys for all the switches might be time-consuming, because each public/private 
key must be created and then loaded onto the SSH server. 
To facilitate this process, an additional feature enables secure transfer of the 
encrypted private key to all switches in the system.