SSH
SSH2 is available for remote connections to the GigaVUE‑HC1’s Mgmt port. By default, SSH2 is enabled. Use the ssh commands in Configure mode to enable or disable the corresponding connections. To disable a connection, include no before the command, as shown in the following table:
| Command | Notes |
|---|---|
| Enable: (config) # ssh server enable; Disable: (config) # no ssh server enable | When SSH2 is enabled, use any compliant SSH2 client to connect to the command-line interface remotely. For example, to connect using the popular SSH2 client, PuTTY: If this is your first connection, PuTTY warns you that the host key presented by the GigaVUE H Series node is not in your cache. You can add the key, connect without adding the key, or cancel the connection. Refer to Verifying Host Keys During Connection for information on how to verify that the host key shown is the correct one. |
Advantages of SSH2
SSH2 is a secure choice for remote connections, providing an encrypted channel instead of relying on clear text. It also provides stronger user authentication capabilities, including the use of a public host key. Host keys uniquely identify a server, helping guarantee that the server you are connecting to is the server you think it is.
GigaVUE includes default RSA v1/v2 and DSAv2-encrypted public host keys (SSH2 supports both RSA and DSA encryption algorithms). The first time you connect to GigaVUE with an SSH2 client, the client will warn you that the host keys are not in your local cache and show you the actual host key presented by the GigaVUE‑HC1. Your client will most likely give you the option of trusting the key, adding it to your local cache. Once you have trusted the key, your client will alert you during connection if a different key is presented.
Verifying Host Keys During Connection
To verify that the host key presented during an SSH2 connection is in fact the GigaVUE node’s, you can connect over the console port (refer to Access the Command-Line Interface over the Console Port on page 37) and use the show ssh server host-keys command to see the current public host keys and fingerprints for the GigaVUE‑HC1. Paste these in a file and keep them nearby when you connect via SSH2 the first time. This way, you will be able to compare the actual host key to what your SSH2 client says is being presented. Once you have verified that they are the same, you can choose to trust the host key, allowing future connections to take place seamlessly.
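The comparison step described above can be scripted instead of done by eye. The following is an added example, not Gigamon code: it assumes the public host key copied from the console session is in the common one-line "<type> <base64> [comment]" form (the page does not show the output of show ssh server host-keys), and the key below is a constructed placeholder, not a real host key.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data

# Constructed sample (not a real key): algorithm name, exponent, placeholder modulus.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(bytes(range(1, 129)))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed-example"

def parse_pubkey_line(line):
    """Return (key_type, blob) from a '<type> <base64> [comment]' public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob starts with its own length-prefixed algorithm name; a mismatch
    # with the text label means the line was mangled while copying.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("key type label does not match key blob")
    return fields[0], blob

def fingerprints(line):
    """Compute the MD5 (colon-hex) and SHA256 (unpadded base64) fingerprints."""
    _, blob = parse_pubkey_line(line)
    md5_hex = hashlib.md5(blob).hexdigest()
    sha256_b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    return {"md5": md5_fp, "sha256": "SHA256:" + sha256_b64}

def presented_matches(recorded_line, presented):
    """True only if the client's displayed fingerprint matches the recorded key."""
    tokens = presented.split()
    if not tokens:
        return False
    fp = tokens[-1]  # clients often print "<type> <bits> <fingerprint>"
    expected = fingerprints(recorded_line)
    if fp.startswith("SHA256:"):
        return hmac.compare_digest(fp.rstrip("=").encode(), expected["sha256"].encode())
    if fp.upper().startswith("MD5:"):
        fp = fp[4:]
    return hmac.compare_digest(fp.lower().encode(), expected["md5"].encode())
```

Pass the key line saved from the console session as recorded_line and the fingerprint text shown in the client's first-connection warning as presented; trust the key only when the function returns True.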
Changing Host Keys
Use the ssh server host-key generate command to change the default host keys provided with the GigaVUE‑HC1. The command has the following syntax:
ssh server host-key <rsa1 | rsa2 | dsa2> <private-key | public-key> generate
For example, to configure a new RSAv1 public host key, you could use the following command:
(config) # ssh server host-key rsa1 public-key generate