SSH

SSH2 is available for remote connections to the GigaVUE‑HC1’s Mgmt port. By default, SSH2 is enabled. Use the ssh commands in Configure mode to enable or disable the corresponding connections. To disable the corresponding connection, you include no before the command, as demonstrated in the following table. For example:

Command

Notes

Enable: (config) # ssh server enable

Disable:(config) # no ssh server enable

When SSH2 is enabled, use any compliant SSH2 client to connect to the command-line interface remotely. For example, to connect using the popular SSH2 client, PuTTY:

a. Start PuTTY and enter the GigaVUE® HC series H Series node’s IP address in the Host Name field.
b. Click the SSH protocol radio button.
c. Click Open to open a connection.

If this is your first connection PuTTY warns you that the host key presented by the GigaVUE® HC series H Series node is not in your cache. You can add the key, connect without adding the key, or cancel the connection. Refer to Verifying Host Keys During Connection for information on how to verify that the host key shown is the correct one.

d. Log in with GigaVUE® HC series credentials.

Advantages of SSH2

SSH2 is a secure choice for remote connections, providing an encrypted channel instead of relying on clear text. It also provides stronger user authentication capabilities, including the use of a public host key. Host keys uniquely identify a server, helping guarantee that the server you are connecting to is the server you think it is.

GigaVUE® HC series includes default RSA v1/v2 and DSAv2-encrypted public host keys (SSH2 supports both RSA and DSA encryption algorithms). The first time you connect to GigaVUE® HC series with an SSH2 client, the client will warn you that the host keys are not in your local cache and show you the actual host key presented by the GigaVUE‑HC1. Your client will most likely give you the option of trusting the key, adding it to your local cache. Once you have trusted the key, your client will alert you during connection if a different key is presented.

Verifying Host Keys During Connection

To verify that the host key presented during an SSH2 connection is in fact the GigaVUE® HC series node’s, you can connect over the console port (refer to Access the Command-Line Interface over the Console Port on page 37) and use the show ssh server host-keys command to see the current public host keys and fingerprints for the GigaVUE‑HC1. Paste these in a file and keep them nearby when you connect via SSH2 the first time. This way, you will be able to compare the actual host key to what your SSH2 client says is being presented. Once you have verified that they are the same, you can choose to trust the host key, allowing future connections to take place seamlessly.

Changing Host Keys

Use the ssh server host-key generate command to change the default host keys provided with the GigaVUE‑HC1. The command has the following syntax:

ssh server host-key <rsa1 | rsa2 |dsa2> <private-key | public-key> generate

For example, to configure a new RSAv1 public hostkey, you could use the following command:

(config) # ssh server host-key rsa1 public-key generate