Configuring Secure Shell (SSH)
For complete syntax and usage information for the commands used in this section, see the command
Note
reference for this release and the "Secure Shell Commands" section of the "Other Security Features" chapter
of the Cisco IOS Security Command Reference, Release 12.4 and the Cisco IOS IPv6 Command Reference.
SSH Servers, Integrated Clients, and Supported Versions
The SSH feature has an SSH server and an SSH integrated client, which are applications that run on the switch.
You can use an SSH client to connect to a switch running the SSH server. The SSH server works with the
SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works with the SSH
server supported in this release and with non-Cisco SSH servers.
The switch supports an SSHv1 or an SSHv2 server.
The switch supports an SSHv1 client.
SSH supports the Data Encryption Standard (DES) encryption algorithm, the Triple DES (3DES) encryption
algorithm, and password-based user authentication.
SSH also supports these user authentication methods:
• TACACS+
• RADIUS
• Local authentication and authorization
Related Topics
Configuring the Switch for Local Authentication and Authorization, on page 81
TACACS+ and Switch Access, on page 39
RADIUS and Switch Access, on page 53
SSH Configuration Guidelines
Follow these guidelines when configuring the switch as an SSH server or SSH client:
• An RSA key pair generated by a SSHv1 server can be used by an SSHv2 server, and the reverse.
• If the SSH server is running on a stack master and the stack master fails, the new stack master uses the
• If you get CLI error messages after entering the crypto key generate rsa global configuration command,
• When generating the RSA key pair, the message No host name specified might appear. If it does, you
• When generating the RSA key pair, the message No domain specified might appear. If it does, you must
OL-29434-01
RSA key pair generated by the previous stack master.
an RSA key pair has not been generated. Reconfigure the hostname and domain, and then enter the
crypto key generate rsa command. For more information, see Related Topics below.
must configure a hostname by using the hostname global configuration command.
configure an IP domain name by using the ip domain-name global configuration command.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
SSH Servers, Integrated Clients, and Supported Versions
87