Accessing the switch

Secure Shell and Secure Copy

Secure Shell (SSH) and Secure Copy (SCP) use secure tunnels to encrypt and secure messages between a remote administrator and the switch. Telnet does not provide this level of security. The Telnet method of managing a switch does not provide a secure connection.

SSH is a protocol that enables remote administrators to log securely into the switch over a network to execute management commands. By default, SSH is disabled (off) on the switch.

SCP is typically used to copy files securely from one machine to another. SCP uses SSH for encryption of data on the network. On a switch, SCP is used to download and upload the switch configuration via secure channels. By default, SCP is disabled on the switch.

The switch implementation of SSH is based on version 1.5 and version 2.0, and supports SSH clients from version 1.0 through version 2.0. Client software can use SSH version 1 or version 2. The following SSH clients are supported:

• SSH 3.0.1 for Linux (freeware)
• SecureCRT® 4.1.8 (VanDyke Technologies, Inc.)
• OpenSSH_3.9 for Linux (FC 3)
• FedoraCore 3 for SCP commands
• PuTTY Release 0.58 (Simon Tatham) for Windows

Configuring SSH and SCP features (AOS CLI example)

Before you can use SSH commands, use the following commands to turn on SSH and SCP.

Enabling or disabling SSH

To enable the SSH feature, connect to the switch CLI and enter the following commands:

    >> # /cfg/sys/sshd/on          (Turn SSH on)
    Current status: OFF
    New status: ON
    SSHD# apply                    (Apply the changes to start generating RSA host and server keys)
    RSA host key generation starts
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    RSA host key generation completes (lasts 212549 ms)
    RSA host key is being saved to Flash ROM, please don’t reboot the box immediately.
    RSA server key generation starts
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    .
    RSA server key generation completes (lasts 75503 ms)
    RSA server key is being saved to Flash ROM, please don’t reboot the box immediately.
    -------------------------------------------------------------------------
    Apply complete; don’t forget to “save” updated configuration.

NOTE: Secure Shell can be configured using the console port only. SSH menus do not display if you access the switch using Telnet or the Browser-based Interface.
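
Because the switch's SSH server is based on both version 1.5 and version 2.0, an administrator auditing it may want to confirm which protocol versions it advertises to connecting clients. The following Python code is an added example, not part of the original manual or the switch software: it classifies a server's identification string using the RFC 4253 rules, under which a protoversion of 1.99 means the server accepts both version 1 and version 2 clients. The function name `classify_banner` and the sample banners (with the placeholder software name `ExampleSwitch`) are constructed for illustration.

```python
"""Classify the SSH protocol versions a server advertises (added example).

Identification-string rules follow RFC 4253 sections 4.2 and 5.1.
The sample banners at the bottom are constructed, not captured from a switch.
"""
import re

# SSH-<major>.<minor>-<software>[ <comments>]; lenient about software chars.
_IDENT = re.compile(rb"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")


def classify_banner(raw: bytes) -> dict:
    """Parse a server's opening bytes and report which SSH versions it offers."""
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # a server may send other text lines before its ident string
        if len(line) + 2 > 255:  # RFC 4253 limit, counting CR LF
            raise ValueError("identification string exceeds 255 bytes")
        m = _IDENT.match(line)
        if m is None:
            raise ValueError(f"malformed identification string: {line!r}")
        major, minor = int(m.group(1)), int(m.group(2))
        if (major, minor) == (1, 99):
            offered = ["1", "2"]  # compatibility banner: accepts v1 and v2 clients
        elif major >= 2:
            offered = ["2"]
        else:
            offered = ["1"]
        return {
            "protoversion": f"{major}.{minor}",
            "software": m.group(3).decode("ascii", "replace"),
            "offered": offered,
            "accepts_ssh1": "1" in offered,
        }
    raise ValueError("no SSH identification string found")


if __name__ == "__main__":
    samples = [  # constructed banners, "ExampleSwitch" is a placeholder name
        b"SSH-1.5-ExampleSwitch_1.0\n",
        b"SSH-1.99-ExampleSwitch_1.0\r\n",
        b"login banner text\r\nSSH-2.0-ExampleSwitch_1.0 build7\r\n",
    ]
    for s in samples:
        r = classify_banner(s)
        print(r["protoversion"], r["offered"], "SSH-1 accepted:", r["accepts_ssh1"])
```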