Cisco Catalyst 6500 Series User Manual

11-3
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 11 Allowing Remote Management
Allowing SSH
This section includes the following topics:
Configuring SSH Access, page 11-3
Using an SSH Client, page 11-4
Configuring SSH Access
To configure SSH access to the FWSM, follow these steps:
Step 1 To generate an RSA key pair, which is required for SSH, enter the following command:
FWSM/contexta(config)# ca generate rsa key modulus
The modulus (in bits) is 512, 768, 1024, or 2048. The larger the key modulus size you specify, the longer
it takes to generate an RSA key pair. We recommend a value of 768.
Before you generate the key, you should set the host name and the domain name according to the
“Setting the Host Name” section on page 6-4 and the “Setting the Domain Name” section on page 6-5.
These settings are used in the key.
Step 2 To save the RSA keys to persistent Flash memory, enter the following command:
FWSM/contexta(config)# ca save all
Step 3 To identify the IP addresses from which the FWSM accepts connections, enter the following command
for each address or subnet:
FWSM/contexta(config)# ssh source_IP_address mask source_interface
The FWSM accepts SSH connections from all interfaces, including the lowest security one.
Step 4 (Optional) To set the duration for how long an SSH session can be idle before the FWSM disconnects
the session, enter the following command:
FWSM/contexta(config)# ssh timeout minutes
Set the timeout from 1 to 60 minutes. The default is 5 minutes. The default duration is too short in most
cases and should be increased until all pre-production testing and troubleshooting have been completed.
For example, to generate RSA keys and let a host on the inside interface with an address of 192.168.1.2
access the FWSM, enter the following commands:
FWSM/contexta(config)# ca generate rsa key 1024
FWSM/contexta(config)# ca save all
FWSM/contexta(config)# ssh 192.168.1.2 255.255.255.255 inside
FWSM/contexta(config)# ssh timeout 30
To allow all users on the 192.168.3.0 network to access the FWSM on the inside interface, enter the
following command:
FWSM/contexta(config)# ssh 192.168.3.0 255.255.255.0 inside
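The following Python script is an added example, not part of the Cisco guide. It reviews a list of the commands from Steps 1 through 4 for out-of-range values, duplicate ssh entries, and source ranges wider than intended. The min_modulus and max_hosts thresholds, the sample command list, and the interface name outside are assumptions.

```python
import ipaddress
import re

PROMPT = re.compile(r"^\S+\(config\)#\s*")  # strips "FWSM/contexta(config)# "
MODULI = {512, 768, 1024, 2048}             # modulus sizes listed in Step 1

# Constructed sample input; "outside" is a hypothetical interface name.
SAMPLE = """\
FWSM/contexta(config)# ca generate rsa key 1024
FWSM/contexta(config)# ca save all
FWSM/contexta(config)# ssh 192.168.1.2 255.255.255.255 inside
FWSM/contexta(config)# ssh 192.168.1.2 255.255.255.255 inside
FWSM/contexta(config)# ssh 192.168.3.0 255.255.255.0 inside
FWSM/contexta(config)# ssh 10.1.0.0 255.255.0.0 outside
FWSM/contexta(config)# ssh timeout 90
"""

def audit_ssh_config(text, min_modulus=2048, max_hosts=256):
    """Return (rules, findings). Thresholds are assumed policy, not Cisco's."""
    rules, findings = [], []
    for raw in text.splitlines():
        w = PROMPT.sub("", raw.strip()).split()
        if w[:4] == ["ca", "generate", "rsa", "key"] and len(w) == 5 and w[4].isdigit():
            bits = int(w[4])
            if bits not in MODULI:
                findings.append(f"modulus {bits} is not a size the guide lists")
            elif bits < min_modulus:
                findings.append(f"modulus {bits} is below policy minimum {min_modulus}")
        elif w[:2] == ["ssh", "timeout"] and len(w) == 3 and w[2].isdigit():
            if not 1 <= int(w[2]) <= 60:
                findings.append(f"timeout {w[2]} is outside 1-60 minutes")
        elif w[:1] == ["ssh"] and len(w) == 4:
            addr, mask, iface = w[1:]
            try:  # strict=True rejects addresses with host bits set under the mask
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
            except ValueError:
                findings.append(f"{addr} {mask}: address and mask do not form a network")
                continue
            if (net, iface) in rules:
                findings.append(f"duplicate rule: {net} on {iface}")
                continue
            rules.append((net, iface))
            if net.num_addresses > max_hosts:
                findings.append(f"{net} on {iface} admits {net.num_addresses} addresses")
    return rules, findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE)[1]:
        print(finding)
```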
