Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Figure 8-8. Example of a Switch Public Key Edited To Include the Switch's IP Address (figure callouts: Bit Size, Inserted IP Address)
Switch(config)# show crypto host-public-key babble
1024 xubep-neryf-typyz-necef-hekih-navir-bynyd-puzon-dumoc-gikyz-mexax host_ssh2.pub
Switch(config)# show crypto host-public-key fingerprint
1024 23:50:cb:73:f8:9d:09:bc:41:08:86:43:9c:42:e8:66 host_ssh2.pub
Figure 8-9. Examples of Visual Phonetic and Hexadecimal Conversions of the Switch's Public Key
4. Add any data required by your SSH client application. For example, before
saving the key to an SSH client's "known hosts" file you may have to insert
the switch's IP address:
For more on this topic, refer to the documentation provided with your SSH
client application.
Displaying the Public Key. The switch provides three options for displaying
its public key. This is helpful if you need to visually verify that the public
key the switch is using for authenticating itself to a client matches the copy
of this key in the client's "known hosts" file:
■ Non-encoded ASCII numeric string: Requires a client ability to
  display the keys in the "known hosts" file in the ASCII format. This
  method is tedious and error-prone due to the length of the keys. (See
  figure 8-7 on page 8-13.)
■ Phonetic hash: Outputs the key as a relatively short series of
  alphabetic character groups. Requires a client ability to convert the
  key to this format.
■ Hexadecimal hash: Outputs the key as a relatively short series of
  hexadecimal numbers. Requires a parallel client ability.
For example, on the switch, you would generate the phonetic and hexadecimal
versions of the switch's public key in figure 8-7 as follows:
[Figure callouts: Modulus <n>; Phonetic "Hash" of Switch's Public Key; Hexadecimal "Fingerprints" of the Same Switch Public]
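The client-side half of this comparison, as an added example that is not part of the original manual: it derives both short forms from a "known hosts" entry and checks them against a line of switch console output. It assumes the client stores the key in the OpenSSH "host keytype base64" layout and that the switch computes the hexadecimal hash as an MD5 and the phonetic hash as a Bubble Babble of SHA-1 over the same key blob, as OpenSSH does; confirm this against your device. All function names and the sample entry are constructed for illustration.

```python
import base64
import hashlib

VOWELS, CONSONANTS = "aeiouy", "bcdfghklmnprstvzx"

def bubble_babble(data: bytes) -> str:
    """Bubble Babble encoding, the short 'phonetic' form of a digest."""
    seed, out = 1, "x"
    rounds = len(data) // 2 + 1
    for i in range(rounds):
        if i + 1 < rounds or len(data) % 2:
            b = data[2 * i]
            out += VOWELS[((b >> 6) + seed) % 6] + CONSONANTS[(b >> 2) & 15]
            out += VOWELS[((b & 3) + seed // 6) % 6]
            if i + 1 < rounds:
                c = data[2 * i + 1]
                out += CONSONANTS[c >> 4] + "-" + CONSONANTS[c & 15]
                seed = (seed * 5 + b * 7 + c) % 36
        else:  # even-length input: last group carries only the running checksum
            out += VOWELS[seed % 6] + "x" + VOWELS[seed // 6]
    return out + "x"

def hex_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 of the key blob (16 byte pairs). Assumed hash."""
    digest = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def babble_fingerprint(blob: bytes) -> str:
    """Bubble Babble of the SHA-1 of the key blob (11 groups). Assumed hash."""
    return bubble_babble(hashlib.sha1(blob).digest())

def known_hosts_blob(entry: str, host: str) -> bytes:
    """Decode the key stored for `host` in one 'host keytype base64' entry."""
    names, _keytype, b64 = entry.split()[:3]
    if host not in names.split(","):
        raise ValueError("entry is not for " + host)
    return base64.b64decode(b64, validate=True)

def matches_console(entry: str, host: str, console_line: str) -> bool:
    """Compare a known_hosts entry with a '<bits> <hash> <file>' console line."""
    shown = console_line.split()[1].lower()
    blob = known_hosts_blob(entry, host)
    expected = hex_fingerprint(blob) if ":" in shown else babble_fingerprint(blob)
    return shown == expected

# Constructed sample (not a real switch key): arbitrary bytes stand in for a key blob.
SAMPLE_ENTRY = "192.0.2.10 ssh-rsa " + base64.b64encode(bytes(range(64))).decode()

if __name__ == "__main__":
    blob = known_hosts_blob(SAMPLE_ENTRY, "192.0.2.10")
    print("1024", hex_fingerprint(blob), "host_ssh2.pub")
    print("1024", babble_fingerprint(blob), "host_ssh2.pub")
```

A mismatch means the stored copy and the key the switch presents differ, so the "known hosts" entry should not be trusted until the key has been re-copied over a trusted path.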