SSH2
SSH2 is available for remote connections to the GigaVUE Traffic Aggregator’s Mgmt port. By default, SSH2 is enabled. Use the ssh commands in Configure mode to enable or disable SSH2 connections. To disable the connection, include no before the command, as shown in the table below:
Command:
Enable: (config) # ssh server enable
Disable: (config) # no ssh server enable
Notes:
When SSH2 is enabled, you can use any compliant SSH2 client to connect to the command-line interface remotely. For example, to connect using the SSH2 client, PuTTY:
If this is your first connection, PuTTY warns you that the host key presented by the GigaVUE node is not in your cache. You can add the key, connect without adding the key, or cancel the connection. Refer to SSH2 for information on how to verify that the host key shown is the correct one.
Advantages of SSH2
SSH2 is a secure choice for remote connections, providing an encrypted channel instead of relying on clear text. It also provides stronger user authentication capabilities, including the use of a public host key. Host keys uniquely identify a server, helping guarantee that the server you’re connecting to is the server you think it is.
The GigaVUE nodes also include default RSA v1/v2 and DSAv2-encrypted public host keys (SSH2 supports both RSA and DSA encryption algorithms). The first time you connect to the GigaVUE TA Series node with an SSH2 client, the client will warn you that the host keys are not in your local cache and show you the actual host key presented by the node. Your client will most likely give you the option of trusting the key, adding it to your local cache. Once you’ve trusted the key, your client will alert you during connection if a different key is presented.
Important: Telnet server functionality is no longer supported as of GigaVUE‑OS 5.7.00.
Verifying Host Keys During Connection
To verify that the host key presented during an SSH2 connection is in fact the GigaVUE node’s, you can connect over the console port (refer to Access the Command-Line Interface over the console Port) and use the show ssh server host-keys command to see the current public host keys and fingerprints for the GigaVUE node. Paste these in a file and keep them nearby when you connect via SSH2 the first time. This way, you’ll be able to compare the actual host key to what your SSH2 client says is being presented. Once you’ve verified that they are the same, you can choose to trust the host key, allowing future connections to take place seamlessly.
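The comparison described above can be done mechanically rather than by eye. The following is an added example, not Gigamon code: it assumes the public key recorded over the console was saved as an OpenSSH-style line (key type, base64 blob, optional comment), and the function names and the sample key are constructed for illustration. It derives the SHA256 and MD5 fingerprint notations that SSH2 clients commonly display and checks the value your client shows against them.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def parse_public_key_line(line: str) -> tuple[str, bytes]:
    """Split a '<key-type> <base64-blob> [comment]' line and sanity-check it."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with its own length-prefixed key type. If it disagrees
    # with the label, the saved line was truncated or edited.
    if not blob.startswith(_ssh_string(key_type.encode())):
        raise ValueError("key type label does not match key blob")
    return key_type, blob


def fingerprints(blob: bytes) -> dict[str, str]:
    """Return the two fingerprint notations SSH clients commonly display."""
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return {
        "sha256": "SHA256:" + sha256,
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
    }


def client_fingerprint_matches(console_key_line: str, shown_by_client: str) -> bool:
    """True only if the client's fingerprint belongs to the console-recorded key."""
    _, blob = parse_public_key_line(console_key_line)
    shown = shown_by_client.strip()
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    fps = fingerprints(blob)
    return shown == fps["sha256"] or shown.lower() == fps["md5"]


def _constructed_key_line(seed: bytes) -> str:
    """Constructed sample only: an ssh-rsa shaped blob, not a real host key."""
    modulus = b"\x00" + hashlib.sha512(seed).digest() * 4  # 257-byte filler field
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"
```

Trust the key in your client only when client_fingerprint_matches returns True for the fingerprint shown in the first-connection warning.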
Changing Host Keys
You can use the ssh server host-key generate command to change the default host keys provided with the GigaVUE node. The command has the following syntax:
ssh server host-key <rsa1 | rsa2 | dsa2> <private-key | public-key> generate
For example, to configure a new RSAv1 public host key, you could use the following command:
(config) # ssh server host-key rsa1 public-key generate