SSH Client
The SSH client feature is an application running over the SSH protocol to provide device authentication
and encryption. The SSH client enables a Nexus 5000 Series switch to make a secure, encrypted
connection to another Nexus 5000 Series switch or to any other device running the SSH server. This
gives the switch an encrypted outbound connection. With authentication and encryption, the
SSH client allows secure communication over an insecure network.
The SSH client in the Nexus 5000 Series switch works with publicly and commercially available SSH
servers.
SSH Server Keys
SSH requires server keys for secure communications to the Nexus 5000 Series switch. You can use SSH
keys for the following SSH options:
• SSH version 2 using Rivest, Shamir, and Adleman (RSA) public-key cryptography
• SSH version 2 using the Digital Signature Algorithm (DSA)
Be sure to have an SSH server key-pair with the appropriate version before enabling the SSH service.
You can generate the SSH server key-pair according to the SSH client version used. The SSH service
accepts three types of key-pairs for use by SSH version 2:
• The dsa option generates the DSA key-pair for the SSH version 2 protocol.
• The rsa option generates the RSA key-pair for the SSH version 2 protocol.
By default, the Nexus 5000 Series switch generates an RSA key using 1024 bits.
Caution: If you delete all of the SSH keys, you cannot start the SSH services.
Telnet Server
The Telnet protocol enables TCP/IP connections to a host. Telnet allows a user at one site to establish a
TCP connection to a login server at another site, and then passes the keystrokes from one system to the
other. Telnet can accept either an IP address or a domain name as the remote system address.
The Telnet server is enabled by default on the Nexus 5000 Series switch.
Prerequisites for SSH
SSH has the following prerequisites:
• You have configured IP on a Layer 3 interface, out-of-band on the mgmt 0 interface or inband on an
Ethernet interface.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
Chapter 19
Configuring SSH and Telnet
OL-16597-01
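The default 1024-bit RSA key noted under SSH Server Keys can be checked from the host key a switch presents. The following Python sketch is an added example, not code from the Cisco guide: it parses an OpenSSH-format public-key line (for instance one collected with ssh-keyscan) using the RFC 4253 wire format and reports the key type and size. The 2048-bit floor, the flagging of DSA keys, the hostname switch.example and the sample numbers are assumptions made for the example.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy floor, not a value from the guide


def _read_field(blob, off):
    """Read one length-prefixed field (RFC 4253 string/mpint)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end


def audit_host_key(line):
    """Return (type, bits, verdict) for an OpenSSH-format public-key line."""
    fields = line.split()
    # Accept "ssh-rsa AAAA..." and ssh-keyscan style "host ssh-rsa AAAA...".
    idx = next((i for i, f in enumerate(fields) if f in ("ssh-rsa", "ssh-dss")), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no ssh-rsa or ssh-dss key on this line")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    ktype, off = _read_field(blob, 0)
    if ktype.decode("ascii", "replace") != fields[idx]:
        raise ValueError("key type label does not match key blob")
    if ktype == b"ssh-rsa":
        _exponent, off = _read_field(blob, off)  # e comes before n
    number, _ = _read_field(blob, off)           # RSA modulus n or DSA prime p
    bits = int.from_bytes(number, "big").bit_length()
    if ktype == b"ssh-dss":
        return "dsa", bits, "flag: DSA host key"
    if bits < MIN_RSA_BITS:
        return "rsa", bits, "flag: RSA modulus under %d bits" % MIN_RSA_BITS
    return "rsa", bits, "ok"


def sample_line(ktype, numbers):
    """Constructed input: correct wire format, numbers are not real key material."""
    blob = struct.pack(">I", len(ktype)) + ktype.encode()
    for x in numbers:
        raw = x.to_bytes(x.bit_length() // 8 + 1, "big")  # mpint, kept positive
        blob += struct.pack(">I", len(raw)) + raw
    return "switch.example " + ktype + " " + base64.b64encode(blob).decode()


if __name__ == "__main__":
    for size in (1024, 2048):  # 1024 is the default the guide states
        print(audit_host_key(sample_line("ssh-rsa", [65537, (1 << (size - 1)) | 1])))
```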