To Load Switch Configuration Files From The Scp Host; Ssh And Scp Encryption Of Management Messages; Generating Rsa Host Key For Ssh Access; Ssh/Scp Integration With Radius Authentication - Lenovo RackSwitch G8264 Application Manual

To Load Switch Configuration Files from the SCP Host

SSH and SCP Encryption of Management Messages

Generating RSA Host Key for SSH Access

SSH/SCP Integration with Radius Authentication

© Copyright Lenovo 2016
Syntax:
>> scp [­4|­6] <local filename> <username>@<switch IP address>:putimg1
>> scp [­4|­6] <local filename> <username>@<switch IP address>:putimg2
>> scp [­4|­6] <local filename> <username>@<switch IP address>:putboot
Example:
>> scp 6.1.0_os.img scpadmin@205.178.15.157:putimg1
The following encryption and authentication methods are supported for SSH and
SCP:
 Server Host Authentication: Client RSA authenticates the switch at the
 Key Exchange:
 Encryption:
 User Authentication:
To support the SSH host feature, an RSA host key is required. The host key is 2048
bits and is used to identify the G8264.
To configure RSA host key, first connect to the G8264 through the console port
(commands are not available via external Telnet connection), and enter the
following command to generate it manually.
RS G8264(config)# ssh generate­host­key
When the switch reboots, it will retrieve the host key from the FLASH memory.
Note: The switch will perform only one session of key/cipher generation at a time.
Thus, an SSH/SCP client will not be able to log in if the switch is performing key
generation at that time. Also, key generation will fail if an SSH/SCP client is
logging in at that time.
SSH/SCP is integrated with RADIUS authentication. After the RADIUS server is
enabled on the switch, all subsequent SSH authentication requests will be
redirected to the specified RADIUS servers for authentication. The redirection is
transparent to the SSH clients.
beginning of every connection
RSA
3DES‐CBC, DES
Local password authentication, RADIUS
Chapter 4: Securing Administration
99