Generates the Secure Shell 2 (SSH2) host key.
pregenerated | Indicates that the SSH2 authentication key has already been generated. The user will be prompted to enter the existing key. |
The switch generates a key for each SSH2 session.
Secure Shell 2 (SSH2) is a feature of ExtremeXOS that allows you to encrypt session data between a network administrator using SSH2 client software and the switch or to send encrypted data from the switch to an SSH2 client on a remote system. Configuration, policy, image, and public key files may also be transferred to the switch using the Secure Copy Program 2 (SCP2).
SSH2 functionality is not present in the base ExtremeXOS software image, but is available as an additional, installable module. Before you can access any SSH2 commands, you must install the module. Without the module, the SSH2 commands do not appear on the command line. To install the module, see the instructions in Software Upgrade and Boot Options.
After you have installed the SSH2 module, you must generate a host key and enable SSH2. To generate an SSH2 host key, use the configure ssh2 key command. To enable SSH2, use the enable ssh2 command.
An authentication key must be generated before the switch can accept incoming SSH2 sessions. This can be done automatically by the switch, or you can enter a previously generated key.
If you elect to have the key generated, the key generation process can take up to ten minutes, and cannot be canceled after it has started. Once the key has been generated, you should save your configuration to preserve the key.
To use a key that has been previously created, use the pregenerated keyword. Use the show ssh2 private-key command to list and copy the previously generated key. Then use the configure ssh2 key {pregenerated} command where “pregenerated” represents the key that you paste.
Note
Keys generated by ExtremeXOS cannot be used on switches running ExtremeWare images, and keys generated by ExtremeWare cannot be used on switches running ExtremeXOS images.
The key generation process generates the SSH2 private host key. The SSH2 public host key is derived from the private host key, and is automatically transmitted to the SSH2 client at the beginning of an SSH2 session.
To view the status of SSH2 on the switch, use the show management command. The show management command displays information about the switch including the enable/disable state for SSH2 sessions, whether a valid key is present, and the TCP port and virtual router that is being used.
The following command generates an authentication key for the SSH2 session:
configure ssh2 key
The command responds with the following messages:
WARNING: Generating new server host key This will take approximately 10 minutes and cannot be canceled. Continue? (y/n)If you respond yes, the command begins the process.
To configure an SSH2 session using a previously generated key, use the following command:
configure ssh2 key pregenerated <pre-generated key>
Enter the previously-generated key (you can copy and paste it from the saved configuration file; a part of the key pattern is similar to 2d:2d:2d:2d:20:42:45:47:).
This command was first available in the ExtremeXOS 11.0 SSH module.
This command is available on all platforms.