Configuring SSH and Telnet
DETAILED STEPS
Step 1
Command or Action: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.

Step 2
Command or Action: [no] username username keypair generate {rsa [bits [force]] | dsa [force]}
Example:
switch(config)# username user1 keypair generate rsa 2048 force
Purpose: Generates the SSH public and private keys and stores them in the home directory ($HOME/.ssh) of the Cisco NX-OS device for the specified user. The Cisco NX-OS device uses the keys to communicate with the SSH server on the remote machine.
The bits argument is the number of bits used to generate the key. The range is from 768 to 2048. The default value is 1024.
Use the force keyword to replace an existing key. The SSH keys are not generated if the force keyword is omitted and SSH keys are already present.

Step 3
Command or Action: (Optional) show username username keypair
Example:
switch(config)# show username user1 keypair
Purpose: Displays the public key for the specified user.
Note: For security reasons, this command does not show the private key.

Step 4
Command or Action: Required: username username keypair export {bootflash:filename | volatile:filename} {rsa | dsa} [force]
Example:
switch(config)# username user1 keypair export bootflash:key_rsa rsa
Purpose: Exports the public and private keys from the home directory of the Cisco NX-OS device to the specified bootflash or volatile directory.
Use the force keyword to replace an existing key. The SSH keys are not exported if the force keyword is omitted and SSH keys are already present.
To export the generated key pair, you are prompted to enter a passphrase that encrypts the private key. The private key is exported as the file that you specify, and the public key is exported with the same filename followed by a .pub extension. You can now copy this key pair to any Cisco NX-OS device and use SCP or SFTP to copy the public key file (*.pub) to the home directory of the server.
Note: For security reasons, this command can be executed only from global configuration mode.

Step 5
Command or Action: Required: username username keypair import {bootflash:filename | volatile:filename} {rsa | dsa} [force]
Example:
switch(config)# username user1 keypair import bootflash:key_rsa rsa
Purpose: Imports the exported public and private keys from the specified bootflash or volatile directory to the home directory of the Cisco NX-OS device.
Use the force keyword to replace an existing key. The SSH keys are not imported if the force keyword is omitted and SSH keys are already present.
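Because the bits argument defaults to 1024 and dsa is an accepted key type, the server that receives the *.pub file can check the key before trusting it. The following is an added example, not part of the Cisco guide: it assumes the exported .pub file uses the one-line OpenSSH public key format, that a 2048-bit RSA minimum and rejection of DSA keys are the site policy, and all function names and the sample keys are constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed site policy; the NX-OS default of 1024 falls below it


def read_field(blob, offset):
    """Read one length-prefixed field: uint32 big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def audit_pub_line(line):
    """Return (key_type, bits, accepted) for one OpenSSH-format .pub line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    inner_type, off = read_field(blob, 0)
    if inner_type.decode("ascii", "replace") != parts[0]:
        raise ValueError("key type label does not match key blob")
    if parts[0] == "ssh-rsa":
        _exponent, off = read_field(blob, off)
        modulus, off = read_field(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
        return parts[0], bits, bits >= MIN_RSA_BITS
    if parts[0] == "ssh-dss":
        prime, off = read_field(blob, off)
        bits = int.from_bytes(prime, "big").bit_length()
        return parts[0], bits, False  # assumed policy: DSA keys are rejected
    raise ValueError("unexpected key type: " + parts[0])


def constructed_rsa_line(bits, comment="user1@switch"):
    """Build an ssh-rsa line with a made-up modulus (sample data, not a real key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")  # leading zero keeps the mpint positive
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    for size in (1024, 2048):
        print(audit_pub_line(constructed_rsa_line(size)))
```

Run audit_pub_line on the contents of the copied .pub file before appending it to the server's authorized_keys file; a key generated without an explicit bits value is reported as 1024 bits and not accepted under the assumed policy.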
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring SSH Passwordless File Copy