Third-Party SSH and SCP Client Software

Tested Software

The following table describes the third-party SSH and SCP client software that has been tested but is not included with the switch software.

Table 1. Tested software

SSH Client

Secure Shell (SSH)

Secure Copy (SCP)

Tera Term Pro with TTSSH extension

MS Windows

  • Supports SSHv2.

  • Authentication:

    - RSA is supported when the switch acts as a server. The switch does not support RSA as a client.

    - DSA

    - Password

  • Provides a keygen tool.

  • It creates both RSA and DSA keys.

  • Client distribution does not include SCP client.

Secure Shell Client

Windows 2000

  • Supports SSHv2 client.

  • Authentication

    • DSA

    • Password

  • Provides a keygen tool.

  • It creates a DSA key in SSHv2 format.

  • The switch generates a log message stating that a DSA key has been generated.

  • Client distribution includes an SCP client that is not compatible with switch.

OpenSSH

Unix Solaris 2.5 / 2.6

  • Supports SSHv2 clients.

  • Authentication:

    - RSA is supported when the switch acts as a server. The switch does not support RSA as a client.

    - DSA

    - Password

  • Provides a keygen tool.

  • It creates both RSA and DSA keys.

  • Client distribution includes an SCP client that is supported on switch.

WinSCP

N/A

This SCP client is unsupported on the switch.

Switch As Client

The switch acting as the SSHv2 client generates a DSA public and private server key pair. The public part of the key for DSA is stored in the following location:

/intflash/.ssh/dsa_key_rwa

Note

Note

For certain switches in enhanced secure mode, all sensitive files are protected. The home directory for protected files is /intflash/shared. You cannot access any sensitive files using Telnet, SSH, FTP, SFTP, TFTP, and SCP connections. For more information, see Sensitive File Protection.

The public part of the key must be copied to the SSH server and be named according to the naming requirement of the server.

Consult DSA Authentication Access Level and File Name for proper naming convention.

If a DSA key pair does not exist, you can generate the DSA key pair using the ssh dsa-user-key [WORD<1–15>] [size <1024-1024>] command.

You need to copy the DSA public key to the SSHv2 server that you connect to using the switch as a client. RSA is not supported when using the switch as a client, but you can use RSA when the switch is acting as the server.

Note

Note

SSH RSA and DSA public and private keys are copied from /intflash/shared to /intflash/.ssh.

Switch As Server

After you install one of the SSHv2 clients you must generate a client and server key using the RSA or DSA algorithms.

To authenticate an SSHv2 client using DSA, the administrator must copy the public part of the client DSA key to /intflash/.ssh directory on the switch that acts as the SSHv2 server. The file that is copied over to the SSHv2 server must be named according to DSA Authentication Access Level and File Name.