Skip to main content
Cluster and storage switches

Enable SSH on BES-53248 cluster switches

Contributors netapp-yvonneo netapp-jolieg

If you are using the Cluster Switch Health Monitor (CSHM) and log collection features, you must generate the SSH keys and then enable SSH on the cluster switches.

Steps
  1. Verify that SSH is disabled:

    show ip ssh

    Show example
    (switch)# show ip ssh
    
    SSH Configuration
    
    Administrative Mode: .......................... Disabled
    SSH Port: ..................................... 22
    Protocol Level: ............................... Version 2
    SSH Sessions Currently Active: ................ 0
    Max SSH Sessions Allowed: ..................... 5
    SSH Timeout (mins): ........................... 5
    Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
    Key Generation In Progress: ................... None
    SSH Public Key Authentication Mode: ........... Disabled
    SCP server Administrative Mode: ............... Disabled
  2. Generate the SSH keys:

    crypto key generate

    Show example
    (switch)# config
    
    (switch) (Config)# crypto key generate rsa
    
    Do you want to overwrite the existing RSA keys? (y/n): y
    
    
    (switch) (Config)# crypto key generate dsa
    
    Do you want to overwrite the existing DSA keys? (y/n): y
    
    
    (switch) (Config)# crypto key generate ecdsa 521
    
    Do you want to overwrite the existing ECDSA keys? (y/n): y
    
    (switch) (Config)# aaa authorization commands "noCmdAuthList" none
    (switch) (Config)# exit
    (switch)# ip ssh server enable
    (switch)# ip scp server enable
    (switch)# ip ssh pubkey-auth
    (switch)# write mem
    
    This operation may take a few minutes.
    Management interfaces will not be available during this time.
    Are you sure you want to save? (y/n) y
    
    Config file 'startup-config' created successfully.
    
    Configuration Saved!
    Warning Make sure that SSH is disabled before modifying the keys otherwise a warning is reported on the switch.
  3. Reboot the switch:

    reload

  4. Verify that SSH is enabled:

    show ip ssh

    Show example
    (switch)# show ip ssh
    
    SSH Configuration
    
    Administrative Mode: .......................... Enabled
    SSH Port: ..................................... 22
    Protocol Level: ............................... Version 2
    SSH Sessions Currently Active: ................ 0
    Max SSH Sessions Allowed: ..................... 5
    SSH Timeout (mins): ........................... 5
    Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
    Key Generation In Progress: ................... None
    SSH Public Key Authentication Mode: ........... Enabled
    SCP server Administrative Mode: ............... Enabled
What's next?

Enable log collection.