Instrukcja obsługi Dell Force10 S25-01-GE-24V
Dell
nieskategoryzowany
Force10 S25-01-GE-24V
Przeczytaj poniżej 📖 instrukcję obsługi w języku polskim dla Dell Force10 S25-01-GE-24V (6 stron) w kategorii nieskategoryzowany. Ta instrukcja była pomocna dla 10 osób i została oceniona przez 5.5 użytkowników na średnio 4.4 gwiazdek
Strona 1/6
S-Series Secure Management
This application note describes how to enable the SSH and SSL secure
management features on the S-Series platforms.
Version 1.5
June 1, 2006
S-Series Secure Management
Table of Contents
Introduction ...................................................................................................................................... 2
Enabling SSH................................................................................................................................... 2
Enabling SSL/HTTPS ...................................................................................................................... 4
Introduction
Enabling secure management via Secure SHell (SSH) or Secure Sockets Layer (SSL/HTTPS) on the S-Series is a
four-step process. SSH and SSL both provide an encrypted transport session between the management station and
switch.
1. Generate the SSH keys or SSL certificates offline.
2. Copy the SSH keys or SSL certificates to the switch using TFTP.
3. Enable the secure management server (SSH or HTTPS) on the switch.
4. Disable the insecure version of the management server (Telnet or HTTP).
If you received this document as part of a .zip file, the file should contain two directories: ssh and ssl (the directories
are also on the S-Series CD-ROM). If you did not get the entire .zip file, please contact your Force10 account team.
• The ssh directory has example RSA1, RSA2 and DSA keys and a shell script called “generate-keys.sh” that can
be used to generate your own SSH keys.
• The ssl directory has example certificates and a shell script called “generate-pem.sh” that can be used to generate
your own SSL certificates.
The scripts provided use OpenSSH (http://www.openssh.org/) and OpenSSL (http://www.openssl.org/) for key and
certificate generation. Other free and commercial tools exist that can provide the same functionality and you can use
them if you like.
For additional options and commands related to the Telnet, SSH and HTTP/HTTPS features, please consult the
SFTOS manuals.
Enabling SSH
1. Generate the SSH keys using the script in the ssh directory, or copy the example keys (which end in .key) to your
TFTP server.
2. Copy the keys to NVRAM with TFTP as follows from this example, using the IP address of your TFTP server. For
SSHv1, copy the RSA1 key. For SSHv2, copy the RSA1, RSA2, and DSA keys, as shown below.
SFTOS #copy tftp://192.168.0.10/rsa1.key nvram:sshkey-rsa1
Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.0.10
TFTP Path......................................
TFTP Filename.................................. rsa1.key
Data Type...................................... SSH RSA1 key
Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y
TFTP SSH key receive complete... updating key file...
Key file transfer operation completed successfully
- 2 -
S-Series Secure Management
SFTOS #copy tftp://192.168.0.10/rsa2.key nvram:sshkey-rsa2
Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.0.10
TFTP Path......................................
TFTP Filename.................................. rsa2.key
Data Type...................................... SSH RSA2 key
Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y
TFTP SSH key receive complete... updating key file...
Key file transfer operation completed successfully
SFTOS # copy tftp://192.168.0.10/dsa.key nvram:sshkey-dsa
Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.0.10
TFTP Path......................................
TFTP Filename.................................. dsa.key
Data Type...................................... SSH DSA key
Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y
TFTP SSH key receive complete... updating key file...
Key file transfer operation completed successfully
3. Enable the SSH server with this command.
SFTOS Version <= 2.2.1 SFTOS Version >= 2.3.1
(SFTOS) #ip ssh server enable
SFTOS (Config)#ip ssh server enable
To verify that the server has started, use this command to show the SSH server status and check the log file for
the following messages.
SFTOS #show ip ssh
SSH Configuration
Administrative Mode: .......................... Enabled
Protocol Levels: .............................. Versions 1 and 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 5
SSH Timeout: .................................. 5
SFTOS #show logging buffered
JAN 01 00:31:54 192.168.0.34-1 UNKN[222273672]: sshd_control.c(444) 15 %% SSHD: sshdListenTask
started
JAN 01 00:31:54 192.168.0.34-1 UNKN[209305936]: sshd_main.c(596) 16 %% SSHD: successfully
opened file ssh_host_dsa_key
JAN 01 00:31:54 192.168.0.34-1 UNKN[209305936]: sshd_main.c(609) 17 %% SSHD: successfully
loaded DSA key
JAN 01 00:31:54 192.168.0.34-1 UNKN[209305936]: sshd_main.c(631) 18 %% SSHD: successfully
opened file ssh_host_rsa_key
JAN 01 00:31:54 192.168.0.34-1 UNKN[209305936]: sshd_main.c(643) 19 %% SSHD: successfully
loaded RSA2 key
JAN 01 00:31:56 192.168.0.34-1 UNKN[209305936]: sshd_main.c(353) 20 %% SSHD: Done generating
server key
- 3 -
Specyfikacje produktu
| Marka: | Dell |
| Kategoria: | nieskategoryzowany |
| Model: | Force10 S25-01-GE-24V |
Potrzebujesz pomocy?
Jeśli potrzebujesz pomocy z Dell Force10 S25-01-GE-24V, zadaj pytanie poniżej, a inni użytkownicy Ci odpowiedzą
Instrukcje nieskategoryzowany Dell
18 Sierpnia 2024
28 Maja 2024
23 Maja 2024
20 Maja 2024
16 Maja 2024
16 Maja 2024
14 Maja 2024
11 Maja 2024
11 Maja 2024
7 Maja 2024
Instrukcje nieskategoryzowany
- nieskategoryzowany Testboy
- nieskategoryzowany BDI
- nieskategoryzowany Gravity
- nieskategoryzowany Beko
- nieskategoryzowany OneConcept
- nieskategoryzowany Thermex
- nieskategoryzowany Varta
- nieskategoryzowany Fortinet
- nieskategoryzowany Adventuridge
- nieskategoryzowany TCL
- nieskategoryzowany MTD
- nieskategoryzowany Clatronic
- nieskategoryzowany Belkin
- nieskategoryzowany Solo
- nieskategoryzowany Focusrite
Najnowsze instrukcje dla nieskategoryzowany
28 Października 2024
28 Października 2024
27 Października 2024
27 Października 2024
27 Października 2024
27 Października 2024
27 Października 2024
27 Października 2024
27 Października 2024
27 Października 2024