Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

101

102

103

104

105

106

107

108

109

110

Managing the Management Services

5-10 Configuring and Managing IP Interfaces and Services

Session Timeouts

EachSSHsessionisgovernedbytwotimeouts:

•Idletimeout—controlshowlonganopenSSHsessioncanremainidlebeforeMSSclosesthe

session.Thedefaultidletimeoutis30minutes.Youcansettheidletimeouttoavaluefrom0

(disabled)to2,147,483,647minutes.

•Absolutetimeout—controlshowlonganSSH

sessioncanremainopen,regardlessofhow

activethesessionis.Theabsolutetimeoutisdisabledbydefault.EnterasysNetworks

recommendsusingtheidletimeouttocloseunusedsessions.However,iftheidletimeoutis

disabled,MSSchangesthedefaultabsolutetimeoutfrom0(disabled)to60minutestoprevent

anabandonedsessionfromremainingopenindefinitely.Youcansettheabsolutetimeouttoa

valuefrom0(disab led)to2,147,483,647minutes

Enabling SSH

SSHisenabledbydefault.Todisableorreenableit,usethefollowing command:

setipsshserver{enable|disable}

Example

SSHrequiresanSSHauthenticationkey.YoucangenerateoneorallowMSStogenerate one.The

firsttimeanSSHclientattemptstoaccesstheSSHserveronaRoamAboutSwitch,theswitch

automaticallygeneratesa1024‐byteSSHkey.If youwanttousea2048‐bytekeyinstead,

usethe

followingcommandtogenerateone:

crypto generate key ssh 2048

keypairgenerated

Ifakeyhasalreadybeengenerated,thecommandreplacestheoldkeywithanewone.Thenew

keytakesaffectforallnewSSHsessions.

Youcanverifythekeyusingthefollowingcommand:

show crypto key ssh

Example

show crypto key ssh

ec:6f:56:7f:d1:fd:c0:28:93:ae:a4:f9:7c:f5:13:04

Thiscommanddisplaysthechecksum(alsocalledafingerprint)ofthepublickey.Whenyou

initiallyconnecttotheRoamAboutSwitchwithanSSHclient,youcancomparetheSSHkey

checksumdisplayedbytheRoamAboutSwitchwiththeonedisplayedbytheclienttoverifythat

youreallyare

connectedtotheRoamAboutSwitchandnotanotherdevice.Generally,SSHclients

remembertheencryptionkeyafterthefirstconnection,soyouneedtocheckthekeyonlyonce.

TheRoamAboutSwitchswitchstoresthekeyinnonvolatilestoragewherethekeyremainseven

aftersoftwarereboots.

Note: To ensure that all CLI management sessions are encrypted, after you configure SSH, disable

Tel n e t .