Using SSH with Password Authentication
38
G8264 Application Guide for ENOS 8.4
to execute commands remotely. As a secure alternative to using Telnet to manage
switch configuration, SSH ensures that all data sent over the network is encrypted
and secure.
The switch can do only one session of key/cipher generation at a time. Thus, a
SSH/SCP client will not be able to login if the switch is doing key generation at that
time. Similarly, the system will fail to do the key generation if a SSH/SCP client is
logging in at that time.
The supported SSH encryption and authentication methods are:
Server Host Authentication: Client RSA‐authenticates the switch when starting
each connection
Key Exchange: ecdh‐sha2‐nistp521, ecdh‐sha2‐nistp384, ecdh‐sha2‐nistp256,
ecdh‐sha2‐nistp224, ecdh‐sha2‐nistp192, rsa2048‐sha256, rsa1024‐sha1,
diffie‐hellman‐group‐exchange‐sha256, diffie‐hellman‐group‐exchange‐sha1,
diffie‐hellman‐group14‐sha1, diffie‐hellman‐group1‐sha1
Encryption: aes128‐ctr, aes128‐cbc, rijndael128‐cbc, blowfish‐cbc,3des‐cbc,
arcfour256, arcfour128, arcfour
MAC: hmac‐sha1, hmac‐sha1‐96, hmac‐md5, hmac‐md5‐96
User Authentication: Local password authentication, public key authentication,
RADIUS, TACACS+
Lenovo Enterprise Network Operating System implements the SSH version 2.0
standard and is confirmed to work with SSH version 2.0‐compliant clients such as
the following:
OpenSSH_5.4p1 for Linux
Secure CRT Version 5.0.2 (build 1021)
Putty SSH release 0.60
By default, the SSH feature is disabled. Once the IP parameters are configured and
the SSH service is enabled, you can access the command line interface using an
SSH connection.
To establish an SSH connection with the switch, run the SSH program on your
workstation by issuing the SSH command, followed by the switch IPv4 or IPv6
address:
# ssh <switch IP address>
You will then be prompted to enter a password as explained "Switch Login Levels"
on page
52.