Skip to main content
Cluster and storage switches
La versione in lingua italiana fornita proviene da una traduzione automatica. Per eventuali incoerenze, fare riferimento alla versione in lingua inglese.

Abilitare SSH sugli switch cluster BES-53248

Collaboratori

Se si utilizzano le funzioni Ethernet Switch Health Monitor (CSHM) e di raccolta dei log, è necessario generare le chiavi SSH e quindi abilitare SSH sugli switch del cluster.

Fasi
  1. Verificare che SSH sia disattivato:

    show ip ssh

    Mostra esempio
    (switch)# show ip ssh
    
    SSH Configuration
    
    Administrative Mode: .......................... Disabled
    SSH Port: ..................................... 22
    Protocol Level: ............................... Version 2
    SSH Sessions Currently Active: ................ 0
    Max SSH Sessions Allowed: ..................... 5
    SSH Timeout (mins): ........................... 5
    Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
    Key Generation In Progress: ................... None
    SSH Public Key Authentication Mode: ........... Disabled
    SCP server Administrative Mode: ............... Disabled
  2. Generare le chiavi SSH:

    crypto key generate

    Mostra esempio
    (switch)# config
    
    (switch) (Config)# crypto key generate rsa
    
    Do you want to overwrite the existing RSA keys? (y/n): y
    
    
    (switch) (Config)# crypto key generate dsa
    
    Do you want to overwrite the existing DSA keys? (y/n): y
    
    
    (switch) (Config)# crypto key generate ecdsa 521
    
    Do you want to overwrite the existing ECDSA keys? (y/n): y
    
    (switch) (Config)# aaa authorization commands "noCmdAuthList" none
    (switch) (Config)# exit
    (switch)# ip ssh server enable
    (switch)# ip scp server enable
    (switch)# ip ssh pubkey-auth
    (switch)# write mem
    
    This operation may take a few minutes.
    Management interfaces will not be available during this time.
    Are you sure you want to save? (y/n) y
    
    Config file 'startup-config' created successfully.
    
    Configuration Saved!
    Attenzione Assicurarsi che SSH sia disabilitato prima di modificare le chiavi, altrimenti viene riportato un avviso sullo switch.
  3. Crittografare le chiavi SSH (solo per FIPS-mode):

    Avvertenza In modalità FIPS, le chiavi devono essere crittografate con una passphrase per la protezione. In assenza di una chiave crittografata, l'applicazione non si avvia. Le chiavi vengono create e crittografate utilizzando i seguenti comandi:
    Mostra esempio
    (switch) configure
    (switch) (Config)# crypto key encrypt write rsa passphrase <passphase>
    
    The key will be encrypted and saved on NVRAM.
    This will result in saving all existing configuration also.
    Do you want to continue? (y/n): y
    
    Config file 'startup-config' created successfully.
    
    (switch) (Config)# crypto key encrypt write dsa passphrase <passphase>
    
    The key will be encrypted and saved on NVRAM.
    This will result in saving all existing configuration also.
    Do you want to continue? (y/n): y
    
    Config file 'startup-config' created successfully.
    
    (switch)(Config)# crypto key encrypt write ecdsa passphrase <passphase>
    
    The key will be encrypted and saved on NVRAM.
    This will result in saving all existing configuration also.
    Do you want to continue? (y/n): y
    
    Config file 'startup-config' created successfully.
    
    (switch) (Config)# end
    (switch)# write memory
    
    This operation may take a few minutes.
    Management interfaces will not be available during this time.
    Are you sure you want to save? (y/n) y
    
    Config file 'startup-config' created successfully.
    
    Configuration Saved!
  4. Riavviare lo switch:

    reload

  5. Verificare che SSH sia attivato:

    show ip ssh

    Mostra esempio
    (switch)# show ip ssh
    
    SSH Configuration
    
    Administrative Mode: .......................... Enabled
    SSH Port: ..................................... 22
    Protocol Level: ............................... Version 2
    SSH Sessions Currently Active: ................ 0
    Max SSH Sessions Allowed: ..................... 5
    SSH Timeout (mins): ........................... 5
    Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
    Key Generation In Progress: ................... None
    SSH Public Key Authentication Mode: ........... Enabled
    SCP server Administrative Mode: ............... Enabled