
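Enable SSH on BES-53248 cluster switches

Contributors: netapp-yvonneo netapp-jolieg

If you are using the Ethernet Switch Health Monitor (CSHM) and log collection features, you must generate the SSH keys and then enable SSH on the cluster switches.

Steps
  1. Verify that SSH is disabled:

    show ip ssh

    Example: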
    (switch)# show ip ssh
    
    SSH Configuration
    
    Administrative Mode: .......................... Disabled
    SSH Port: ..................................... 22
    Protocol Level: ............................... Version 2
    SSH Sessions Currently Active: ................ 0
    Max SSH Sessions Allowed: ..................... 5
    SSH Timeout (mins): ........................... 5
    Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
    Key Generation In Progress: ................... None
    SSH Public Key Authentication Mode: ........... Disabled
    SCP server Administrative Mode: ............... Disabled
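    • If SSH is not disabled, disable it as follows:

      no ip ssh server enable

      no ip scp server enable

    Note
    • For EFOS 3.12 and later, console access is required because active SSH sessions are lost when SSH is disabled.

    • For EFOS 3.11 and earlier, current SSH sessions remain open after the SSH server is disabled.

    Caution: Disable SSH before modifying the keys; otherwise, a warning is reported on the switch.
  2. In configuration mode, generate the SSH keys: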

    crypto key generate

    Example:
    (switch)# config
    
    (switch) (Config)# crypto key generate rsa
    
    Do you want to overwrite the existing RSA keys? (y/n): y
    
    
    (switch) (Config)# crypto key generate dsa
    
    Do you want to overwrite the existing DSA keys? (y/n): y
    
    
    (switch) (Config)# crypto key generate ecdsa 521
    
    Do you want to overwrite the existing ECDSA keys? (y/n): y
  3. In configuration mode, set the AAA authorization for ONTAP log collection:

    aaa authorization commands "noCmdAuthList" none

    Example:
    (switch) (Config)# aaa authorization commands "noCmdAuthList" none
    (switch) (Config)# exit
  4. Re-enable SSH/SCP.

    Example:
    (switch)# ip ssh server enable
    (switch)# ip scp server enable
    (switch)# ip ssh pubkey-auth
  5. Save these changes to the startup-config:

    write memory

    Example:
    (switch)# write memory
    
    This operation may take a few minutes.
    Management interfaces will not be available during this time.
    Are you sure you want to save? (y/n) y
    
    Config file 'startup-config' created successfully.
    
    Configuration Saved!
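  6. Encrypt the SSH keys (FIPS mode only):

    Caution: In FIPS mode, the keys must be encrypted with a passphrase for security. Without an encrypted key, the application fails to start. Use the following commands to create and encrypt the keys:
    Example: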
    (switch) configure
    (switch) (Config)# crypto key encrypt write rsa passphrase <passphrase>
    
    The key will be encrypted and saved on NVRAM.
    This will result in saving all existing configuration also.
    Do you want to continue? (y/n): y
    
    Config file 'startup-config' created successfully.
    
    (switch) (Config)# crypto key encrypt write dsa passphrase <passphrase>
    
    The key will be encrypted and saved on NVRAM.
    This will result in saving all existing configuration also.
    Do you want to continue? (y/n): y
    
    Config file 'startup-config' created successfully.
    
    (switch)(Config)# crypto key encrypt write ecdsa passphrase <passphrase>
    
    The key will be encrypted and saved on NVRAM.
    This will result in saving all existing configuration also.
    Do you want to continue? (y/n): y
    
    Config file 'startup-config' created successfully.
    
    (switch) (Config)# end
    (switch)# write memory
    
    This operation may take a few minutes.
    Management interfaces will not be available during this time.
    Are you sure you want to save? (y/n) y
    
    Config file 'startup-config' created successfully.
    
    Configuration Saved!
  7. Reboot the switch:

    reload

  8. Verify that SSH is enabled:

    show ip ssh

    Example:
    (switch)# show ip ssh
    
    SSH Configuration
    
    Administrative Mode: .......................... Enabled
    SSH Port: ..................................... 22
    Protocol Level: ............................... Version 2
    SSH Sessions Currently Active: ................ 0
    Max SSH Sessions Allowed: ..................... 5
    SSH Timeout (mins): ........................... 5
    Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
    Key Generation In Progress: ................... None
    SSH Public Key Authentication Mode: ........... Enabled
    SCP server Administrative Mode: ............... Enabled
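
A check for step 8, as an added example that is not part of the NetApp procedure: it parses `show ip ssh` output and reports every field that differs from the state the steps above should leave. The function names and the expected-value table are assumptions of this example, and the sample text is constructed from the output shown in step 8.

```python
import re

# Constructed sample, taken from the step 8 output on this page.
SAMPLE = """\
(switch)# show ip ssh
SSH Configuration
Administrative Mode: .......................... Enabled
SSH Port: ..................................... 22
Protocol Level: ............................... Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 5
SSH Timeout (mins): ........................... 5
Keys Present: ................................. DSA(1024) RSA(1024) ECDSA(521)
Key Generation In Progress: ................... None
SSH Public Key Authentication Mode: ........... Enabled
SCP server Administrative Mode: ............... Enabled
"""

# States the procedure expects at step 8 (assumption: exact string match).
EXPECTED = {
    "Administrative Mode": "Enabled",
    "Protocol Level": "Version 2",
    "Key Generation In Progress": "None",
    "SSH Public Key Authentication Mode": "Enabled",
    "SCP server Administrative Mode": "Enabled",
}
# "Name: ....... value" with a dotted leader between name and value.
FIELD = re.compile(r"^\s*(.+?):\s*\.{2,}\s*(.*?)\s*$")

def parse_show_ip_ssh(text):
    """Return {field name: value}; lines without a dotted leader are skipped."""
    matches = (FIELD.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def check_ssh_state(text, expected=EXPECTED):
    """Return a list of findings; an empty list means the state matches."""
    fields = parse_show_ip_ssh(text)
    findings = []
    for name, want in expected.items():
        if fields.get(name) != want:
            findings.append(f"{name}: expected {want!r}, got {fields.get(name)!r}")
    present = set(re.findall(r"([A-Z]+)\(\d+\)", fields.get("Keys Present", "")))
    for missing in sorted({"RSA", "DSA", "ECDSA"} - present):  # keys from step 2
        findings.append(f"Keys Present: no {missing} key")
    return findings

if __name__ == "__main__":
    print(check_ssh_state(SAMPLE) or "SSH state matches the procedure")
```

Run against the step 1 output instead, the same check reports the three modes that are still `Disabled`.
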
What's next?

After you enable SSH, you can "configure switch health monitoring".