• SSH version 2 using the Digital Signature Algorithm (DSA)
Be sure to have an SSH server key-pair with the appropriate version before enabling the SSH service. You
can generate the SSH server key-pair according to the SSH client version used. The SSH service accepts three
types of key-pairs for use by SSH version 2:
• The dsa option generates the DSA key-pair for the SSH version 2 protocol.
• The rsa option generates the RSA key-pair for the SSH version 2 protocol.
By default, the Cisco Nexus 5000 Series switch generates an RSA key using 1024 bits.
SSH supports the following public key formats:
• OpenSSH
• IETF Secure Shell (SECSH)
Caution: If you delete all of the SSH keys, you cannot start the SSH services.
Telnet Server
The Telnet protocol enables TCP/IP connections to a host. Telnet allows a user at one site to establish a TCP
connection to a login server at another site, and then passes the keystrokes from one system to the other. Telnet
can accept either an IP address or a domain name as the remote system address.
The Telnet server is enabled by default on the Cisco Nexus 5000 Series switch.
Guidelines and Limitations for SSH
SSH has the following configuration guidelines and limitations:
• The Cisco Nexus 5000 Series switch supports only SSH version 2 (SSHv2).
Configuring SSH
Generating SSH Server Keys
You can generate an SSH server key based on your security requirements. The default SSH server key is an
RSA key generated using 1024 bits. To generate SSH server keys, perform this task:
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# ssh key {dsa [force] | rsa [bits [force]]}
3. switch(config)# exit
4. (Optional) switch# show ssh key
5. (Optional) switch# copy running-config startup-config
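To check the strength of a generated server key off the switch, the following Python sketch parses a public key in the OpenSSH format listed above and reports its type and size. It is an added example, not part of the Cisco guide; the 2048-bit minimum, the DSA verdict, and all function names are assumptions, and the sample keys are constructed in the code rather than taken from a device.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy threshold, not a value from the guide

def read_string(blob, offset):
    """Read one RFC 4253 length-prefixed field; return (bytes, next offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def audit_openssh_key(line):
    """Return (key_type, bits, verdict) for one OpenSSH public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, off = read_string(blob, 0)
    if inner_type != fields[0].encode():
        raise ValueError("key type label does not match key blob")
    if fields[0] == "ssh-rsa":
        _exponent, off = read_string(blob, off)   # public exponent e
        modulus, _ = read_string(blob, off)       # modulus n sets the key size
        bits = int.from_bytes(modulus, "big").bit_length()
        verdict = "ok" if bits >= MIN_RSA_BITS else "weak: regenerate with more bits"
    elif fields[0] == "ssh-dss":
        prime, _ = read_string(blob, off)         # prime p is the first DSA field
        bits = int.from_bytes(prime, "big").bit_length()
        verdict = "weak: DSA host key, replace with RSA"
    else:
        raise ValueError("unsupported key type: " + fields[0])
    return fields[0], bits, verdict

def constructed_rsa_line(bits):
    """Build a well-formed ssh-rsa line around a constructed modulus."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1  # constructed sample value, not a real key
    mpint = b"\x00" + n.to_bytes(bits // 8, "big")  # leading zero keeps mpint positive
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(mpint)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    for size in (1024, 2048):
        print(audit_openssh_key(constructed_rsa_line(size)))
```

A key generated at the 1024-bit default is reported as weak under this assumed policy, while one generated with 2048 bits or more passes.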
Cisco Nexus 5000 Series NX-OS Security Configuration Guide
OL-20919-01