Enable SSH on BES-53248 cluster switches
If you use the Ethernet Switch Health Monitor (CSHM) and log collection features, you must generate the SSH keys and then enable SSH on the cluster switches.
Steps
- Verify that SSH is disabled:
show ip ssh

(switch)# show ip ssh

SSH Configuration

Administrative Mode: .......................... Disabled
SSH Port: ..................................... 22
Protocol Level: ............................... Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 5
SSH Timeout (mins): ........................... 5
Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
Key Generation In Progress: ................... None
SSH Public Key Authentication Mode: ........... Disabled
SCP server Administrative Mode: ............... Disabled
- Generate the SSH keys:
crypto key generate

(switch)# config
(switch) (Config)# crypto key generate rsa
Do you want to overwrite the existing RSA keys? (y/n): y
(switch) (Config)# crypto key generate dsa
Do you want to overwrite the existing DSA keys? (y/n): y
(switch) (Config)# crypto key generate ecdsa 521
Do you want to overwrite the existing ECDSA keys? (y/n): y
(switch) (Config)# aaa authorization commands "noCmdAuthList" none
(switch) (Config)# exit
(switch)# ip ssh server enable
(switch)# ip scp server enable
(switch)# ip ssh pubkey-auth
(switch)# write mem
This operation may take a few minutes.
Management interfaces will not be available during this time.
Are you sure you want to save? (y/n) y
Config file 'startup-config' created successfully.
Configuration Saved!
Make sure that SSH is disabled before modifying the keys; otherwise, a warning is reported on the switch.
- Encrypt the SSH keys (for FIPS mode only):
In FIPS mode, the keys must be encrypted with a passphrase for security. In the absence of an encrypted key, the application fails to start. The keys are created and encrypted using the following commands:

(switch)# configure
(switch) (Config)# crypto key encrypt write rsa passphrase <passphrase>
The key will be encrypted and saved on NVRAM.
This will result in saving all existing configuration also.
Do you want to continue? (y/n): y
Config file 'startup-config' created successfully.
(switch) (Config)# crypto key encrypt write dsa passphrase <passphrase>
The key will be encrypted and saved on NVRAM.
This will result in saving all existing configuration also.
Do you want to continue? (y/n): y
Config file 'startup-config' created successfully.
(switch) (Config)# crypto key encrypt write ecdsa passphrase <passphrase>
The key will be encrypted and saved on NVRAM.
This will result in saving all existing configuration also.
Do you want to continue? (y/n): y
Config file 'startup-config' created successfully.
(switch) (Config)# end
(switch)# write memory
This operation may take a few minutes.
Management interfaces will not be available during this time.
Are you sure you want to save? (y/n) y
Config file 'startup-config' created successfully.
Configuration Saved!
- Reboot the switch:
reload
- Verify that SSH is enabled:
show ip ssh

(switch)# show ip ssh

SSH Configuration

Administrative Mode: .......................... Enabled
SSH Port: ..................................... 22
Protocol Level: ............................... Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 5
SSH Timeout (mins): ........................... 5
Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
Key Generation In Progress: ................... None
SSH Public Key Authentication Mode: ........... Enabled
SCP server Administrative Mode: ............... Enabled
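The final verification step can be scripted across several switches. The Python code below is an added example, not part of the original procedure or of any NetApp tooling: it parses captured "show ip ssh" output and reports every field that differs from the enabled state shown in the last step. The sample text is constructed from the output on this page, and the minimum key sizes in MIN_BITS are an assumption of this example, not values from the page.

```python
import re

# Constructed sample: "show ip ssh" output in the form shown in the last step.
SAMPLE = """\
SSH Configuration
Administrative Mode: .......................... Enabled
Protocol Level: ............................... Version 2
Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
Key Generation In Progress: ................... None
SSH Public Key Authentication Mode: ........... Enabled
SCP server Administrative Mode: ............... Enabled
"""

# Field values the procedure shows once SSH has been enabled.
EXPECTED = {
    "Administrative Mode": "Enabled",
    "Protocol Level": "Version 2",
    "Key Generation In Progress": "None",
    "SSH Public Key Authentication Mode": "Enabled",
    "SCP server Administrative Mode": "Enabled",
}
# Assumption of this example (not from the page): minimum key sizes in bits.
MIN_BITS = {"RSA": 2048, "DSA": 2048, "ECDSA": 256}
# Matches dotted-leader lines of the form "Name: ........ value".
FIELD = re.compile(r"^\s*(.+?):\s*\.{2,}\s*(.*?)\s*$")

def parse_show_ip_ssh(text):
    """Return {field: value} for every dotted-leader line in the output."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2)
    return fields

def audit(text):
    """Return a list of findings; an empty list means nothing to report."""
    fields = parse_show_ip_ssh(text)
    findings = [f"{k}: expected {v!r}, got {fields.get(k)!r}"
                for k, v in EXPECTED.items() if fields.get(k) != v]
    # "Keys Present" lists entries such as RSA(1024); split type and size.
    keys = dict(re.findall(r"(\w+)\((\d+)\)", fields.get("Keys Present", "")))
    for kind, minimum in MIN_BITS.items():
        if kind not in keys:
            findings.append(f"{kind} key missing")
        elif int(keys[kind]) < minimum:
            findings.append(f"{kind} key is {keys[kind]} bits (< {minimum})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "SSH state matches the procedure")
```

Run against the output shown on this page, the state fields all match and the only findings are the 1024-bit RSA and DSA keys, which fall below the assumed minimum.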