Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Changing the default SSH key
Using the default key means that SSH sessions established to the VCS may be vulnerable to "man-in-the-
middle" attacks, so you are recommended to generate new SSH keys which are unique to your VCS.
middle" attacks, so you are recommended to generate new SSH keys which are unique to your VCS.
An alarm message "Security alert: the SSH service is using the default key” is displayed if your VCS is still
configured with its factory default SSH key.
configured with its factory default SSH key.
To generate a new SSH key for the VCS:
1. Log into the CLI as root.
2. Type regeneratesshkey.
3. Type exit to log out of the root account.
4. Log in to the web interface.
5. Go to
Maintenance > Restart
. You are taken to the
Restart
page.
6. Check the number of calls and registrations currently in place.
7. Click Restart system and then confirm the restart when asked.
If you have a clustered VCS system you must generate new SSH keys for every cluster peer. Log into each
peer in turn and follow the instructions above. You do not have to decluster or disable replication.
peer in turn and follow the instructions above. You do not have to decluster or disable replication.
When you next log in to the VCS over SSH you may receive a warning that the key identity of the
VCS has changed. Please follow the appropriate process for your SSH client to suppress this
warning.
VCS has changed. Please follow the appropriate process for your SSH client to suppress this
warning.
If your VCS is subsequently downgraded to an earlier version of VCS firmware, the default SSH
keys will be restored.
keys will be restored.
Cisco TelePresence Video Communication Server Administrator Guide (X8.5.1)
Page 425 of 563
Reference material
Changing the default SSH key