configure ssh2 key

configure ssh2 key {pregenerated}

Description

Generates the Secure Shell 2 (SSH2) host key. This command is used to regenerate a host key, if there is already one existing.

Syntax Description

pregenerated indicates that the SSH2 host key is already available with the user.

Default

The switch generates a key for each SSH2 session.

Usage Guidelines

Secure Shell 2 (SSH2) is a feature of ExtremeXOS that allows you to encrypt session data between a network administrator using SSH2 client software and the switch or to send encrypted data from the switch to an SSH2 client on a remote system. Configuration, policy, image, and public key files may also be transferred to the switch using the Secure Copy Program (SCP2).

To enable SSH2, use the enable ssh2 command.

A host key must be generated before the switch can accept incoming ssh connections. This can be done by the switch using the commands "enable ssh2" (if ssh is not enabled previously) or "configure ssh2 key pregenerated" (if you wish to use a pregenerated key as the host key).

If you elect to have the key generated, the key generation process can take up to one minute, and cannot be canceled after it has started. For the switch to use the newly generated key the exsshd process needs to be restarted using the command restart process [class cname | name {msm slot}] with "exsshd" as the name.

To use a key that has been previously created, use the pregenerated keyword. Use the show ssh2 private-key command to list and copy the previously generated key. Then use the configure ssh2 key {pregenerated} command where “pregenerated” represents the key that you paste.
Note

Note

In ExtremeXOS 22.5 and later, ssh-dss (DSA) host key is not supported in both server and client. For backward compatibility, it is supported in server only during a switch image upgrade if this algorithm is present in earlier release.

The key generation process generates the SSH2 private host key. The SSH2 public host key is derived from the private host key, and is automatically transmitted to the SSH2 client at the beginning of an SSH2 session.

To view the status of SSH2 on the switch, use the show management command. The show management command displays information about the switch including the enable/disable state for SSH2 sessions, whether a valid key is present, and the TCP port and virtual router that is being used.

Example

The following command generates an authentication key for the SSH2 session:

configure ssh2 key

The command responds with the following messages:

WARNING: Generating new server host key This will take approximately 10 minutes and cannot be canceled. Continue? (y/n)

If you respond yes, the command begins the process.

To configure an SSH2 session using a previously generated key, use the following command:

configure ssh2 key pregenerated <pre-generated key>

Enter the previously-generated key (you can copy and paste it from the saved configuration file; a part of the key pattern is similar to 2d:2d:2d:2d:20:42:45:47:).

History

This command was first available in the ExtremeXOS 11.0.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.