Telnet and SSH Commands

This chapter contains the following sections:

crypto certificate generate

To create a self-signed certification for HTTPS, use the crypto certificate generate Global Configuration mode command.

Syntax

crypto certificate generate

Parameters

N/A

Default Configuration

N/A

Command Mode

Global Configuration mode

Example

switchxxxxxx(config)# crypto certificate generate
Generating a 1024 bit RSA private key
...................................................................++++++
...........++++++
writing new private key to '/mnt/ssl_key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

crypto key generate

To create a public and private DSA key (DSA key pair) or a public and private RSA key (RSA key pair), use the crypto key generate Global Configuration mode command.

Syntax

crypto key generate {dsa | rsa}

Parameters

dsa—Creates a DSA key pair.

rsa—Creates a RSA key pair.

Default Configuration

N/A

Command Mode

Global Configuration mode

User Guidelines

DSA keys are generated in pairs—one public DSA key and one private DSA key. If the switch already has DSA keys, a warning is displayed with a prompt to replace the existing keys with new keys.

RSA keys are generated in pairs—one public RSA key and one private RSA key. If the switch already has RSA keys, a warning is displayed with a prompt to replace the existing keys with new keys.

This command is not saved in the Running Configuration file. However, the keys generated by this command are saved in a private configuration (which is never displayed to the user or saved to another device).

Example

Example 1—The following example generates DSA key pair:

switchxxxxxx(config)# crypto key generate dsa
Replace Existing Key ? (Y/N)[N]Y
Generating a SSHv2 default DSA Key.
This may take a few minutes, depending on the key size.

Example 2—The following example generates RSA key pair:

switchxxxxxx(config)# crypto key generate rsa
Replace Existing Key ? (Y/N)[N]Y
Generating a SSHv2 default RSA Key.
This may take a few minutes, depending on the key size.

ip ssh server

To enable the Secure Shell (SSH) service on the switch, use the ip ssh server Global Configuration mode command.

To disable the SSH service on the switch, use the no form of this command.

Syntax

ip ssh server

no ip ssh server

Parameters

N/A

Default Configuration

SSH is disabled by default.

Command Mode

Global Configuration mode

User Guidelines

The switch can be configured from a SSH server or Telnet (or both). To control the switch configuration by Telnet, use the ip telnet server Global Configuration mode command.

Example

switchxxxxxx(config)# ip ssh server
SSH daemon enabled.

ip telnet server

To enable the Teletype Network (Telnet) service on the switch, use the ip telnet server Global Configuration mode command.

To disable the Telnet service on the switch, use the no form of this command.

Syntax

ip telnet server

no ip telnet server

Parameters

N/A

Default Configuration

Telnet is disabled by default.

Command Mode

Global Configuration mode

User Guidelines

The switch can be configured from a SSH server or Telnet (or both). To control the switch configuration by SSH, use the ip ssh server Global Configuration mode command.

Example

switchxxxxxx(config)# ip telnet server