Configuring ssh on a Netgear GSM7324 switch
Posted on December 20th, 2008
Configuring ssh on a Netgear GSM7324 switch
12 Dec 2009 : Configuring ssh on a Netgear GSM7324 switch
We got a new Netgear GSM7324 managed switch at work, and the procedure to learn it to use SSH is both complicated and not very well documented with Netgear, and it is not something you do every week, so I decided to take notes and document the whole procedure.
The switch I was setting up is named gsm7324 so you will see a prompt
(gsm7324) >
or in privileged exec mode (usual)
(gsm7324) #
First, on another machine, generate ssh server keys, in a directory that can be read by the tftp server, and make sure the tftp server can read them all.
root@kyle:/tftpboot/netgear# ssh-keygen -f netgear-gsm7324-dsa.key -t dsa -N ” -C gsm7324
Generating public/private dsa key pair.
Your identification has been saved in netgear-gsm7324-dsa.key.
Your public key has been saved in netgear-gsm7324-dsa.key.pub.
The key fingerprint is:
72:79:43:31:3c:42:cd:3a:29:e4:54:96:50:02:af:4b gsm7324
root@kyle:/tftpboot/netgear# ssh-keygen -f netgear-gsm7324-rsa.key -t rsa -N ” -C gsm7324
Generating public/private rsa key pair.
Your identification has been saved in netgear-gsm7324-rsa.key.
Your public key has been saved in netgear-gsm7324-rsa.key.pub.
The key fingerprint is:
b4:e9:fa:24:40:86:57:24:8d:6a:fe:ee:0c:46:20:33 gsm7324
root@kyle:/tftpboot/netgear# ssh-keygen -f netgear-gsm7324-rsa1.key -t rsa1 -N ” -C gsm7324
Generating public/private rsa1 key pair.
Your identification has been saved in netgear-gsm7324-rsa1.key.
Your public key has been saved in netgear-gsm7324-rsa1.key.pub.
The key fingerprint is:
8e:25:9e:84:cf:5d:d3:38:2a:a7:05:89:82:e9:0f:c0 gsm7324
root@kyle:/tftpboot/netgear# chmod a+r netgear-gsm7324-*
Now log in to the switch (serial console or telnet) and install the keys:
(gsm7324) #copy tftp://192.168.1.10/netgear/netgear-gsm7324-dsa.key nvram:sshkey-dsa
Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 192.168.1.10
TFTP Path………………………………..
TFTP Filename……………………………. netgear-gsm7324-dsa.key
Data Type……………………………….. SSH DSA key
Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y
TFTP SSH key receive complete… updating key file…
Key file transfer operation completed succesfully
(gsm7324) #copy tftp://191.168.1.10/netgear/netgear-gsm7324-rsa1.key nvram:sshkey-rsa1
Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 192.168.1.10
TFTP Path………………………………..
TFTP Filename……………………………. netgear-gsm7324-rsa1.key
Data Type……………………………….. SSH RSA1 key
Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y
TFTP SSH key receive complete… updating key file…
Key file transfer operation completed succesfully
(gsm7324) #copy tftp://192.168.1.10/netgear/netgear-gsm7324-rsa.key nvram:sshkey-rsa2
Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 192.168.1.10
TFTP Path………………………………..
TFTP Filename……………………………. netgear-gsm7324-rsa.key
Data Type……………………………….. SSH RSA2 key
Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y
TFTP SSH key receive complete… updating key file…
Key file transfer operation completed succesfully
Now, enable ssh:
(gsm7324) #ip ssh
Optional, only allow SSH 2 protocol
(gsm7324) #ip ssh protocol 2
Optional, set the ssh login session timeout
(gsm7324) #sshcon timeout 120
Review the config
(gsm7324) #show ip ssh
SSH Configuration
Administrative Mode: …………………….. Enabled
Protocol Levels: ………………………… Version 2
SSH Sessions Currently Active: ……………. 0
Max SSH Sessions Allowed: ………………… 5
SSH Timeout: ……………………………. 120
Test the new ssh config:
$ ssh admin@gsm7324
Warning: Permanently added ‘gsm7324,xxx.xxx.xxxx’ (RSA) to the list of known hosts.
admin@gsm7324’s password:
(gsm7324) >
Finally, disabling telnet after testing ssh connectivity:
(gsm7324) #configure
(gsm7324) (Config)#lineconfig
(gsm7324) (Line)#session-limit 0
(gsm7324) (Line)#no transport input telnet
(gsm7324) (Line)#exit
(gsm7324) (Config)#exit
Saving your hard work:
(gsm7324) #copy system:running-config nvram:startup-config
This operation may take a few minutes.
Management interfaces will not be available during this time.
Are you sure you want to save? (y/n) y
Configuration Saved!