Skip to main content
Cluster and storage switches
O português é fornecido por meio de tradução automática para sua conveniência. O inglês precede o português em caso de inconsistências.

Ative o SSH nos switches de cluster BES-53248

Colaboradores

Se você estiver usando os recursos do Monitor de integridade do comutador Ethernet (CSHM) e da coleção de logs, será necessário gerar as chaves SSH e, em seguida, ativar o SSH nos switches do cluster.

Passos
  1. Verifique se o SSH está desativado:

    show ip ssh

    Mostrar exemplo
    (switch)# show ip ssh
    
    SSH Configuration
    
    Administrative Mode: .......................... Disabled
    SSH Port: ..................................... 22
    Protocol Level: ............................... Version 2
    SSH Sessions Currently Active: ................ 0
    Max SSH Sessions Allowed: ..................... 5
    SSH Timeout (mins): ........................... 5
    Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
    Key Generation In Progress: ................... None
    SSH Public Key Authentication Mode: ........... Disabled
    SCP server Administrative Mode: ............... Disabled
  2. Gerar as chaves SSH:

    crypto key generate

    Mostrar exemplo
    (switch)# config
    
    (switch) (Config)# crypto key generate rsa
    
    Do you want to overwrite the existing RSA keys? (y/n): y
    
    
    (switch) (Config)# crypto key generate dsa
    
    Do you want to overwrite the existing DSA keys? (y/n): y
    
    
    (switch) (Config)# crypto key generate ecdsa 521
    
    Do you want to overwrite the existing ECDSA keys? (y/n): y
    
    (switch) (Config)# aaa authorization commands "noCmdAuthList" none
    (switch) (Config)# exit
    (switch)# ip ssh server enable
    (switch)# ip scp server enable
    (switch)# ip ssh pubkey-auth
    (switch)# write mem
    
    This operation may take a few minutes.
    Management interfaces will not be available during this time.
    Are you sure you want to save? (y/n) y
    
    Config file 'startup-config' created successfully.
    
    Configuration Saved!
    Aviso Certifique-se de que o SSH está desativado antes de modificar as chaves, caso contrário, um aviso é relatado no switch.
  3. Encripte as chaves SSH (apenas para o modo FIPS):

    Cuidado No modo FIPS, as chaves devem ser criptografadas com uma senha para segurança. Na ausência de uma chave criptografada, o aplicativo não inicia. As chaves são criadas e criptografadas usando os seguintes comandos:
    Mostrar exemplo
    (switch) configure
    (switch) (Config)# crypto key encrypt write rsa passphrase <passphase>
    
    The key will be encrypted and saved on NVRAM.
    This will result in saving all existing configuration also.
    Do you want to continue? (y/n): y
    
    Config file 'startup-config' created successfully.
    
    (switch) (Config)# crypto key encrypt write dsa passphrase <passphase>
    
    The key will be encrypted and saved on NVRAM.
    This will result in saving all existing configuration also.
    Do you want to continue? (y/n): y
    
    Config file 'startup-config' created successfully.
    
    (switch)(Config)# crypto key encrypt write ecdsa passphrase <passphase>
    
    The key will be encrypted and saved on NVRAM.
    This will result in saving all existing configuration also.
    Do you want to continue? (y/n): y
    
    Config file 'startup-config' created successfully.
    
    (switch) (Config)# end
    (switch)# write memory
    
    This operation may take a few minutes.
    Management interfaces will not be available during this time.
    Are you sure you want to save? (y/n) y
    
    Config file 'startup-config' created successfully.
    
    Configuration Saved!
  4. Reinicie o switch:

    reload

  5. Verifique se o SSH está ativado:

    show ip ssh

    Mostrar exemplo
    (switch)# show ip ssh
    
    SSH Configuration
    
    Administrative Mode: .......................... Enabled
    SSH Port: ..................................... 22
    Protocol Level: ............................... Version 2
    SSH Sessions Currently Active: ................ 0
    Max SSH Sessions Allowed: ..................... 5
    SSH Timeout (mins): ........................... 5
    Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
    Key Generation In Progress: ................... None
    SSH Public Key Authentication Mode: ........... Enabled
    SCP server Administrative Mode: ............... Enabled