Verify your SSH configuration
Contributors
Suggest changes
PDFs
If you are using the Ethernet Switch Health Monitor (CSHM) and log collection features, verify that SSH and SSH keys are enabled on the cluster switches.
Steps
-
Verify that SSH is enabled:
(switch) show ssh server ssh version 2 is enabled
-
Verify that the SSH keys are enabled:
show ssh keyShow example
(switch)# show ssh key rsa Keys generated:Fri Jun 28 02:16:00 2024 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDiNrD52Q586wTGJjFAbjBlFaA23EpDrZ2sDCewl7nwlioC6HBejxluIObAH8hrW8kR+gj0ZAfPpNeLGTg3APj/yiPTBoIZZxbWRShywAM5PqyxWwRb7kp9Zt1YHzVuHYpSO82KUDowKrL6lox/YtpKoZUDZjrZjAp8hTv3JZsPgQ== bitcount:1024 fingerprint: SHA256:aHwhpzo7+YCDSrp3isJv2uVGz+mjMMokqdMeXVVXfdo could not retrieve dsa key information ecdsa Keys generated:Fri Jun 28 02:30:56 2024 ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBABJ+ZX5SFKhS57evkE273e0VoqZi4/32dt+f14fBuKv80MjMsmLfjKtCWy1wgVt1Zi+C5TIBbugpzez529zkFSF0ADb8JaGCoaAYe2HvWR/f6QLbKbqVIewCdqWgxzrIY5BPP5GBdxQJMBiOwEdnHg1u/9Pzh/Vz9cHDcCW9qGE780QHA== bitcount:521 fingerprint: SHA256:TFGe2hXn6QIpcs/vyHzftHJ7Dceg0vQaULYRAlZeHwQ (switch)# show feature | include scpServer scpServer 1 enabled (switch)# show feature | include ssh sshServer 1 enabled (switch)#
|
When enabling FIPS, you must change the bitcount to 256 on the switch using the command ssh key ecdsa 256 force. See Configure network security using FIPS for more details.
|
What's next?