Security: SSH Client
Overview
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
RSA and DSA default key pairs are generated for the device when it is booted. One of these 
keys is used to encrypt the data being downloaded from the SSH server. The RSA key is used 
by default.
If the user deletes one or both of these keys, they are regenerated.
The public/private keys are encrypted and stored in the device memory. The keys are part of 
the device configuration file, and the private key can be displayed to the user, in encrypted or 
plaintext form. 
Since the private key cannot be copied directly to another device, an import method
exists that enables copying private keys from device to device (described in Import
Keys).
Import Keys
In the key method, individual public/private keys must be created for each individual device, 
and these private keys cannot be copied directly from one device to another because of 
security considerations. 
If there are multiple switches in the network, the process of creating public/private keys for all 
the switches might be time-consuming, because each public/private key must be created and 
then loaded onto the SSH server. 
To facilitate this process, an additional feature enables secure transfer of the encrypted private 
key to all switches in the system. 
When a private key is created on a device, it is also possible to create an associated 
passphrase. This passphrase is used to encrypt the private key and to import it into the 
remaining switches. In this way, all the switches can use the same public/private key.
Default Password
SSH user authentication by password is enabled by default, with the username/password being 
“anonymous”.
The user must configure the following information for authentication:
• The authentication method to be used.
• The username/password or public/private key pair.
Supported Algorithms
When the connection between a device (as an SSH client) and an SSH server is established, 
the client and SSH server exchange data in order to determine the algorithms to use in the SSH 
transport layer.
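The negotiation described above, sketched as an added example (not taken from the Cisco guide or the switch firmware): under RFC 4253, each algorithm chosen is the first name on the client's list that the server also offers. The algorithm lists are constructed sample values, one list stands in for both directions of cipher and MAC, and the RFC's extra compatibility rules between key exchange and host key are left out.

```python
from __future__ import annotations

# Added illustration of SSH transport-layer algorithm negotiation (RFC 4253, 7.1).
# SSH negotiates ciphers and MACs per direction; one list per kind is used here.
CATEGORIES = ("kex", "host_key", "cipher", "mac")


class NegotiationError(Exception):
    """Raised when the two sides share no algorithm in some category."""


def parse_name_list(raw: str) -> list[str]:
    """Split an SSH name-list (comma-separated names) into its entries."""
    return [name for name in raw.split(",") if name]


def negotiate(client: dict[str, str], server: dict[str, str]) -> dict[str, str]:
    """Pick, per category, the first client-listed name the server also offers.

    The client's order decides; the server's order is irrelevant.
    """
    chosen = {}
    for cat in CATEGORIES:
        offered = set(parse_name_list(server[cat]))
        for name in parse_name_list(client[cat]):
            if name in offered:
                chosen[cat] = name
                break
        else:
            raise NegotiationError(f"no common algorithm for {cat}")
    return chosen


# Constructed KEXINIT contents (sample values, not the switch's real lists).
CLIENT = {
    "kex": "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
    "host_key": "ssh-rsa,ssh-dss",
    "cipher": "aes128-ctr,aes256-ctr,aes128-cbc",
    "mac": "hmac-sha1,hmac-md5",
}
SERVER = {
    "kex": "curve25519-sha256,diffie-hellman-group14-sha1",
    "host_key": "ssh-ed25519,ssh-rsa",
    "cipher": "aes256-ctr,aes128-ctr",
    "mac": "hmac-sha2-256,hmac-sha1",
}

if __name__ == "__main__":
    for category, name in negotiate(CLIENT, SERVER).items():
        print(f"{category:9} {name}")
```

Comparing the negotiated names against the client's configured preferences shows when a server has forced the session onto a lower-preference algorithm.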