Enable SSH on BES-53248 cluster switches
If you use the Ethernet Switch Health Monitor (CSHM) and log collection features, you must generate the SSH keys and then enable SSH on the cluster switches.
Steps
- Verify that SSH is disabled:
show ip ssh
Example:
(switch)# show ip ssh

SSH Configuration

Administrative Mode: .......................... Disabled
SSH Port: ..................................... 22
Protocol Level: ............................... Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 5
SSH Timeout (mins): ........................... 5
Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
Key Generation In Progress: ................... None
SSH Public Key Authentication Mode: ........... Disabled
SCP server Administrative Mode: ............... Disabled
- Generate the SSH keys:
crypto key generate
Example:
(switch)# config

(switch) (Config)# crypto key generate rsa

Do you want to overwrite the existing RSA keys? (y/n): y

(switch) (Config)# crypto key generate dsa

Do you want to overwrite the existing DSA keys? (y/n): y

(switch) (Config)# crypto key generate ecdsa 521

Do you want to overwrite the existing ECDSA keys? (y/n): y

(switch) (Config)# aaa authorization commands "noCmdAuthList" none
(switch) (Config)# exit
(switch)# ip ssh server enable
(switch)# ip scp server enable
(switch)# ip ssh pubkey-auth
(switch)# write mem

This operation may take a few minutes.
Management interfaces will not be available during this time.
Are you sure you want to save? (y/n) y

Config file 'startup-config' created successfully.

Configuration Saved!
Make sure that SSH is disabled before you modify the keys; otherwise, a warning is reported on the switch.
- Encrypt the SSH keys (for FIPS mode only):
In FIPS mode, the keys must be encrypted with a passphrase for protection. If no encrypted key is present, the application does not start. The keys are created and encrypted using the following commands:
Example:
(switch) configure
(switch) (Config)# crypto key encrypt write rsa passphrase <passphrase>

The key will be encrypted and saved on NVRAM.
This will result in saving all existing configuration also.
Do you want to continue? (y/n): y

Config file 'startup-config' created successfully.

(switch) (Config)# crypto key encrypt write dsa passphrase <passphrase>

The key will be encrypted and saved on NVRAM.
This will result in saving all existing configuration also.
Do you want to continue? (y/n): y

Config file 'startup-config' created successfully.

(switch)(Config)# crypto key encrypt write ecdsa passphrase <passphrase>

The key will be encrypted and saved on NVRAM.
This will result in saving all existing configuration also.
Do you want to continue? (y/n): y

Config file 'startup-config' created successfully.

(switch) (Config)# end
(switch)# write memory

This operation may take a few minutes.
Management interfaces will not be available during this time.
Are you sure you want to save? (y/n) y

Config file 'startup-config' created successfully.

Configuration Saved!
- Reboot the switch:
reload
- Verify that SSH is enabled:
show ip ssh
Example:
(switch)# show ip ssh

SSH Configuration

Administrative Mode: .......................... Enabled
SSH Port: ..................................... 22
Protocol Level: ............................... Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 5
SSH Timeout (mins): ........................... 5
Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
Key Generation In Progress: ................... None
SSH Public Key Authentication Mode: ........... Enabled
SCP server Administrative Mode: ............... Enabled
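A check for the final verification step, as an added example that is not part of the original page or NetApp's tooling: it parses show ip ssh output in the format shown above and reports every field that differs from the state the procedure should leave behind. The function names and the minimum key sizes in MIN_BITS are assumptions (a local policy, not values from this page), and the sample text is constructed from the output above.

```python
import re

# Constructed sample in the `show ip ssh` format shown on this page.
SAMPLE = """(switch)# show ip ssh
SSH Configuration
Administrative Mode: .......................... Enabled
SSH Port: ..................................... 22
Protocol Level: ............................... Version 2
Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
Key Generation In Progress: ................... None
SSH Public Key Authentication Mode: ........... Enabled
SCP server Administrative Mode: ............... Enabled
"""

# State the procedure should leave the switch in (values from the page's output).
EXPECTED = {
    "Administrative Mode": "Enabled",
    "Protocol Level": "Version 2",
    "Key Generation In Progress": "None",
    "SSH Public Key Authentication Mode": "Enabled",
    "SCP server Administrative Mode": "Enabled",
}
# Assumed local policy, not from the page: minimum key size per algorithm.
MIN_BITS = {"RSA": 2048, "DSA": 2048, "ECDSA": 256}

FIELD = re.compile(r"^\s*([^:]+):\s*\.{3,}\s*(.*?)\s*$")  # "Name: ..... value"
KEY = re.compile(r"([A-Z0-9]+)\((\d+)\)")                 # e.g. "ECDSA(521)"

def parse_show_ip_ssh(text):
    """Map each dot-leader field name to its value; other lines are ignored."""
    return {m.group(1).strip(): m.group(2)
            for m in map(FIELD.match, text.splitlines()) if m}

def check_ssh_state(text, min_bits=MIN_BITS):
    """Return a list of findings; an empty list means every check passed."""
    fields = parse_show_ip_ssh(text)
    findings = [f"{name}: expected {want!r}, got {fields.get(name)!r}"
                for name, want in EXPECTED.items() if fields.get(name) != want]
    keys = {alg: int(bits) for alg, bits in KEY.findall(fields.get("Keys Present", ""))}
    if not keys:
        findings.append("Keys Present: no host keys listed")
    findings += [f"{alg} key is {bits} bits, below policy minimum {min_bits[alg]}"
                 for alg, bits in keys.items()
                 if alg in min_bits and bits < min_bits[alg]]
    return findings

if __name__ == "__main__":
    for finding in check_ssh_state(SAMPLE) or ["all checks passed"]:
        print(finding)
```

Run against the sample, every state check passes and the only findings are the 1024-bit DSA and RSA keys measured against the assumed policy.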
What's next?