Blade ICE G8124 Manuale Utente

BMD00220, October 2010

Chapter 1: Switch Administration  

  31

Although a remote network administrator can manage the configuration of a G8124 via Telnet, this 
method does not provide a secure connection. The Secure Shell (SSH) protocol enables you to 
securely log into another device over a network to execute commands remotely. As a secure 
alternative to using Telnet to manage switch configuration, SSH ensures that all data sent over the 
network is encrypted and secure.

The switch can do only one session of key/cipher generation at a time. Thus, a SSH/SCP client will 
not be able to login if the switch is doing key generation at that time. Similarly, the system will fail 
to do the key generation if a SSH/SCP client is logging in at that time.

The supported SSH encryption and authentication methods are listed below.

Server Host Authentication: Client RSA-authenticates the switch when starting each connection

Key Exchange: RSA

Encryption: 3DES-CBC, DES

User Authentication: Local password authentication, RADIUS, TACACS+

The following SSH clients have been tested:

OpenSSH_5.1p1 Debian-3ubuntu1

SecureCRT 5.0 (Van Dyke Technologies, Inc.)

Putty beta 0.60

The BLADEOS implementation of SSH supports both versions 1.5 and 2.0 and supports 

SSH client version 1.5 - 2.x. 

By default, the SSH feature is disabled. For information on enabling and using SSH for switch 
access, see 

.

Once the IP parameters are configured and the SSH service is enabled, you can access the command 
line interface using an SSH connection.

To establish an SSH connection with the switch, run the SSH program on your workstation by 
issuing the SSH command, followed by the switch IPv4 or IPv6 address:

If SecurID authentication is required, use the following command:

You will then be prompted to enter a password as explained 

.

# ssh

# ssh -1 ace