Ericsson ECN330 - Page 663

To Next Page

To Previous Page

Command Line Interface

6571553-KDU 137 365 Uen D 2006-06-16

To use the SSH server, complete these steps:

1. Generate a Host Key Pair – Use the ip ssh crypto host-key

generate command to create a host public/private key pair.

2. Provide Host Public Key to Clients – Many SSH client programs

automatically import the host public key during the initial connection setup

with the ECN330-switch. Otherwise, a known hosts file needs to be

manually created on the management station and the host public key placed

in it. An entry for a public key in the known hosts file would appear similar to

the following example:

10.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254

15020245593199868544358361651999923329781766065830956 10825913212890233

76546801726272571413428762941301196195566782 59566410486957427888146206

519417467729848654686157177393901647793559423035774130980227370877945452408397175264635

8058176716709574804776117

3. Import Client’s Public Key to the ECN330-switch – Use the copy tftp

public-key command to copy a file containing the public key for all the

SSH client’s granted management access to the ECN330-switch. (Note that

these clients must be configured locally on the ECN330-switch with the

username command as described on page 633.) The clients are

subsequently authenticated using these keys. The current firmware only

accepts public key files based on standard UNIX format as shown in the

following example for an RSA Version 1 key:

1024 35 1341081685609893921040944920155425347631641921872958921143173880

055536161631051775940838686311092912322268285192543746031009371877211996963178136627741

416898513204911720483033925432410163799759237144901193800609025394840848271781943722884

02533115952134861022902978982721353267131629432532818915045306393916643

steve@192.168.1.19

4. Set the Optional Parameters – Set other optional parameters, including the

authentication timeout, the number of retries, and the server key size.

5. Enable SSH Service – Use the ip ssh server command to enable the

SSH server on the ECN330-switch.

6. Configure Challenge-Response Authentication – When an SSH client

attempts to contact the ECN330-switch, the SSH server uses the host key

pair to negotiate a session key and encryption method. Only clients that

have a private key corresponding to the public keys stored on the ECN330-

switch can gain access. The following exchanges take place during this

process:

A The client sends its public key to the ECN330-switch.

Related product manuals