Configuring SSH and Telnet
This chapter describes how to configure Secure Shell Protocol (SSH) and Telnet on the Nexus 5000 Series switches.
Information About SSH and Telnet
This section includes the following topics:
SSH Server
The SSH server feature enables an SSH client to make a secure, encrypted connection to a Nexus 5000 Series switch. SSH uses strong encryption for authentication. The SSH server in the Nexus 5000 Series switch will interoperate with publicly and commercially available SSH clients.
The user authentication mechanisms supported for SSH are RADIUS, TACACS+, and the use of locally stored user names and passwords.
SSH Client
The SSH client feature is an application running over the SSH protocol to provide device authentication and encryption. The SSH client enables a Nexus 5000 Series switch to make a secure, encrypted connection to another Nexus 5000 Series switch or to any other device running the SSH server. This connection provides an outbound connection that is encrypted. With authentication and encryption, the SSH client allows for a secure communication over an insecure network.
The SSH client in the Nexus 5000 Series switch works with publicly and commercially available SSH servers.
SSH Server Keys
SSH requires server keys for secure communications to the Nexus 5000 Series switch. You can use SSH keys for the following SSH options:
- SSH version 2 using Rivest, Shamir, and Adleman (RSA) public-key cryptography
- SSH version 2 using the Digital Signature Algorithm (DSA)
Be sure to have an SSH server key-pair with the appropriate version before enabling the SSH service. You can generate the SSH server key-pair according to the SSH client version used. The SSH service accepts three types of key-pairs for use by SSH version 2:
- The dsa option generates the DSA key-pair for the SSH version 2 protocol.
- The rsa option generates the RSA key-pair for the SSH version 2 protocol.
By default, the Nexus 5000 Series switch generates an RSA key using 1024 bits.


Telnet Server
The Telnet protocol enables TCP/IP connections to a host. Telnet allows a user at one site to establish a TCP connection to a login server at another site, and then passes the keystrokes from one system to the other. Telnet can accept either an IP address or a domain name as the remote system address.
The Telnet server is enabled by default on the Nexus 5000 Series switch.
Prerequisites for SSH
Guidelines and Limitations
SSH has the following configuration guidelines and limitations:

Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Configuring SSH
This section includes the following sections:
- Generating SSH Server Keys
- Specifying the SSH Public Keys for User Accounts
- Starting SSH Sessions to Remote Devices
- Clearing SSH Hosts
- Disabling the SSH Server
- Deleting SSH Server Keys
- Clearing SSH Sessions
Generating SSH Server Keys
You can generate an SSH server key based on your security requirements. The default SSH server key is an RSA key generated using 1024 bits. To generate SSH server keys, perform this task:
The following example shows how to generate an SSH server key:
Specifying the SSH Public Keys for User Accounts
You can configure an SSH public key to log in using the SSH client without being prompted for a password. You can specify the SSH public key in one of three different formats:
Specifying the SSH Public Keys in Open SSH Format
You can specify the SSH public keys in SSH format for user accounts.
To specify the SSH public keys in open SSH format, generate an SSH public key in open SSH format and perform this task:
(Optional) Copies the running configuration to the startup configuration.
The following example shows how to specify SSH public keys in open SSH format:
switch(config)# username User1 sshkey ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAy19oF6QaZl9G+3f1XswK3OiW4H7YyUyuA50rv7gsEPjhOBYmsi6PAVKui1nIf/DQhum+lJNqJP/eLowb7ubO+lVKRXFY/G+lJNIQW3g9igG30c6k6+XVn+NjnI1B7ihvpVh7dLddMOXwOnXHYshXmSiH3UD/vKyziEh5S4Tplx8=
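As an added example (not Cisco code and not part of the original chapter), this Python sketch audits `username NAME sshkey ...` lines of the form shown above by decoding the OpenSSH key blob and reporting the RSA modulus or DSA prime size. The 2048-bit floor, the function names, and the constructed sample keys are assumptions made for the illustration.

```python
import base64
import struct

MIN_BITS = 2048  # assumed policy floor for this example, not a value from the page

def read_string(blob, off):
    """Read one SSH wire string: 4-byte big-endian length, then that many bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:off + 4 + n], off + 4 + n

def audit_sshkey_line(line):
    """Return (user, status, bits) for a 'username NAME sshkey ...' line, else None."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "username" or tok[2] != "sshkey":
        return None
    user, declared = tok[1], tok[3]
    if declared == "file":                       # key lives in a file, e.g. on bootflash:
        return user, "file", None
    try:
        blob = base64.b64decode(tok[4], validate=True)
        inner, off = read_string(blob, 0)        # key type is repeated inside the blob
        if inner != declared.encode():
            return user, "mismatch", None
        if declared == "ssh-rsa":
            _exponent, off = read_string(blob, off)
        elif declared != "ssh-dss":
            return user, "unsupported", None
        number, off = read_string(blob, off)     # RSA modulus n, or DSA prime p
    except ValueError:                           # bad base64 or truncated blob
        return user, "malformed", None
    bits = int.from_bytes(number, "big").bit_length()
    return user, ("ok" if bits >= MIN_BITS else "weak"), bits

def constructed_rsa_line(user, bits):
    """Build a structurally valid, NOT cryptographically real, ssh-rsa config line."""
    def wire(b):
        return struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 per mpint
    blob = wire(b"ssh-rsa") + wire(b"\x23") + wire(n)
    return "username %s sshkey ssh-rsa %s" % (user, base64.b64encode(blob).decode())

if __name__ == "__main__":
    for sample in (constructed_rsa_line("User1", 1024),
                   constructed_rsa_line("User2", 2048),
                   "username User1 sshkey file bootflash:secsh_file.pub"):
        print(audit_sshkey_line(sample))
```

Feed it the `username` lines from a saved running configuration; keys referenced with `sshkey file` are reported as `file` and have to be inspected from the file itself.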
Specifying the SSH Public Keys in IETF SECSH Format
You can specify the SSH public keys in IETF SECSH format for user accounts.
To specify the SSH public keys in IETF SECSH format, generate an SSH public key in IETF SECSH format, and perform this task:
The following example shows how to specify the SSH public keys in the IETF SECSH format:
switch(config)# username User1 sshkey file bootflash:secsh_file.pub
Specifying the SSH Public Keys in PEM-Formatted Public Key Certificate Form
You can specify the SSH public keys in PEM-formatted Public Key Certificate form for user accounts.
To specify the SSH public keys in PEM-formatted Public Key Certificate form, generate an SSH public key in PEM-Formatted Public Key Certificate form and perform this task:
The following example shows how to specify the SSH public keys in PEM-formatted public key certificate form:
Starting SSH Sessions to Remote Devices
You can start SSH sessions to connect to remote devices from your Nexus 5000 Series switch.
Clearing SSH Hosts
When you download a file from a server using SCP or SFTP, you establish a trusted SSH relationship with that server. To clear the list of trusted SSH servers for your user account, perform this task:
Disabling the SSH Server
By default, the SSH server is enabled on the Nexus 5000 Series switch.
To disable the SSH server to prevent SSH access to the switch, perform this task:
(Optional) Copies the running configuration to the startup configuration.
Deleting SSH Server Keys
You can delete SSH server keys after you disable the SSH server.

Note: To reenable SSH, you must first generate an SSH server key (see the “Generating SSH Server Keys” section).
To delete the SSH server keys, perform this task:
(Optional) Copies the running configuration to the startup configuration.
Clearing SSH Sessions
To clear SSH sessions from the Nexus 5000 Series switch, perform this task:
Configuring Telnet
This section includes the following topics:
Enabling the Telnet Server
By default, the Telnet server is enabled. To disable the Telnet server on your Nexus 5000 Series switch, perform this task:
To reenable the Telnet server, perform this task:
Starting Telnet Sessions to Remote Devices
Before you start a Telnet session to connect to remote devices, you should do the following:
- Obtain the hostname for the remote device and, if needed, the user name on the remote device.
- Enable the Telnet server on the Nexus 5000 Series switch.
- Enable the Telnet server on the remote device.
To start Telnet sessions to connect to remote devices from your Nexus 5000 Series switch, perform this task:
Creates a Telnet session to a remote device. The hostname argument can be an IPv4 address, an IPv6 address, or a device name.
The following example shows starting a Telnet session to connect to a remote device:
Clearing Telnet Sessions
To clear Telnet sessions from the Nexus 5000 Series switch, perform this task:
Verifying the SSH and Telnet Configuration
To display the SSH configuration information, perform one of the following tasks:
Displays the SSH and user account configuration in the running configuration. The all keyword displays the default values for the SSH and user accounts.
SSH Example Configuration
The following example shows how to configure SSH:
Step 1 Generate an SSH server key.
Step 3 Display the SSH server key.
Step 4 Specify the SSH public key in Open SSH format.
Step 5 Save the configuration.
Default Settings
Table 1-1 lists the default settings for SSH parameters.