•
Before enabling SCP, you must correctly configure SSH, authentication, and authorization on the switch.
•
Because SCP relies on SSH for its secure transport, the router must have an Rivest, Shamir, and Adelman
(RSA) key pair.
•
SCP relies on SSH for security.
•
SCP requires that authentication, authorization, and accounting (AAA) authorization be configured so
the router can determine whether the user has the correct privilege level.
•
A user must have appropriate authorization to use SCP.
•
A user who has appropriate authorization can use SCP to copy any file in the Cisco IOS File System
(IFS) to and from a switch by using the copy command. An authorized administrator can also do this
from a workstation.
•
The Secure Shell (SSH) server requires an IPsec (Data Encryption Standard [DES] or 3DES) encryption
software image; the SSH client requires an IPsec (DES or 3DES) encryption software image.)
•
Configure a hostname and host domain for your device by using the hostname and ip domain-name
commands in global configuration mode.
Restrictions for Configuring Secure Shell
The following are restrictions for configuring the Switch for secure shell.
•
The switch supports Rivest, Shamir, and Adelman (RSA) authentication.
•
SSH supports only the execution-shell application.
•
The SSH server and the SSH client are supported only on Data Encryption Standard (DES) (56-bit) and
3DES (168-bit) data encryption software. In DES software images, DES is the only encryption algorithm
available. In 3DES software images, both DES and 3DES encryption algorithms are available.
•
The Switch supports the Advanced Encryption Standard (AES) encryption algorithm with a 128-bit key,
192-bit key, or 256-bit key. However, symmetric cipher AES to encrypt the keys is not supported.
•
This software release does not support IP Security (IPSec).
•
When using SCP, you cannot enter the password into the copy command. You must enter the password
when prompted.
•
The login banner is not supported in Secure Shell Version 1. It is supported in Secure Shell Version 2.
•
The -l keyword and userid :{number} {ip-address} delimiter and arguments are mandatory when
configuring the alternative method of Reverse SSH for console access.
Information about SSH
Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH provides more
security for remote connections than Telnet does by providing strong encryption when a device is authenticated.
This software release supports SSH Version 1 (SSHv1) and SSH Version 2 (SSHv2).
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1070
Restrictions for Configuring Secure Shell
To Next Page
Loading...
Need help?
General
