3-13
IPv6 Management Security Features
Secure Shell (SSH) for IPv6
Public keys from SSH clients are stored on the switch. Access to the
switch is granted only to a client whose private key matches a stored
public key.
■ Password-only client authentication
The switch is SSH-enabled but is not configured with the login method
that authenticates a client’s public-key. Instead, after the switch authenti-
cates itself to a client, users connected to the client authenticate them-
selves to the switch by providing a valid password that matches the
operator- and/or manager-level password configured and stored locally on
the switch or on a RADIUS or TACACS+ server.
■ Secure Copy (SCP) and Secure FTP (SFTP) client applications
You can use either one SCP session or one SFTP session at a given time
to perform secure file transfers to and from the switch.
Configuring SSH for IPv6
By default, SSH is automatically enabled for IPv4 and IPv6 connections on a
switch. You can use the ip ssh command options to reconfigure the default
SSH settings to configure the following settings used in SSH authentication
for IPv4 and IPv6 connections:
■ TCP port number
■ timeout period
■ file transfer
■ MAC type
■ cipher type
■ listening port(s)
Syntax: [no] ip ssh
Enables SSH for on the switch for both IPv4 and IPv6,
and activates the connection with a configured SSH
server (RADIUS or TACACS+). The no form of the
command disables SSH on the switch.
[cipher < cipher-type >]
To Next Page
Loading...
