Configuration Guide Vol. 1


11.4.2 Secure remote login

You can use the ssh command to log in to SSH servers. However, the SSH client function of the Switch supports only password authentication, so you need to enable password authentication on the SSH server.

When you connect to an SSH server for the first time with the ssh, scp, or sftp command, the fingerprint of the server's host public key is displayed so that you can verify that the connected server is the intended server. You can connect more safely by obtaining the fingerprint of the destination server in advance and comparing it with the fingerprint displayed by the command.

The following figure shows an example of connecting the Switch to SSH servers.

Figure 11-17: Example of connecting the Switch to SSH servers
> ssh -c aes128-ctr -m hmac-sha2-256 staff@192.168.1.1                        ..1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
DSA key fingerprint is SHA256:EH9axeEZO+hj5qzBRqx4fgyncb/J5BN4DffD/my9tN8.
DSA key fingerprint is MD5:21:b9:aa:78:66:df:02:67:01:48:86:88:cb:31:c4:da.
Are you sure you want to continue connecting (yes/no)? yes                    ..2
Warning: Permanently added '192.168.1.1' (DSA) to the list of known hosts.
staff@192.168.1.1's password: ******                                          ..3
  1. Connect to the SSH server 192.168.1.1 as the user staff. In this case, aes128-ctr is used as the symmetric encryption method and hmac-sha2-256 as the message authentication code method.

  2. When you connect to an SSH server for the first time, a confirmation message is displayed because the host public key is not registered in the client user's host public key database. Check the fingerprint (key fingerprint) to make sure that it is the correct host public key for the SSH server you are trying to connect to. When you are satisfied, enter yes to register the key in the database and continue connecting.

    Note that once you register the host public key in the user's host public key database, the fingerprint will not be checked at the next connection.

  3. Enter the password for staff to log in.
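
The fingerprint comparison in step 2 can be scripted on an administrator's workstation. The following is an added example, not part of the original guide or of the Switch's software. It assumes that the server's public key line was obtained in advance over a trusted channel; the function names are hypothetical and SAMPLE_KEY is a constructed value, not a real host key.

```python
import base64
import hashlib
import hmac
import re
import struct

# Fingerprint text in the two formats shown in Figure 11-17.
FP_RE = re.compile(r"SHA256:[A-Za-z0-9+/]{43}|MD5:(?:[0-9a-f]{2}:){15}[0-9a-f]{2}")

def key_blob(pubkey_line):
    """Decode the key blob from a '<type> <base64> [comment]' public key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return blob

def fingerprints(pubkey_line):
    """Return (SHA256, MD5) fingerprints in the format the ssh command displays."""
    blob = key_blob(pubkey_line)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return "SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def displayed_matches(displayed_line, trusted_pubkey_line):
    """True only if the displayed fingerprint belongs to the trusted key."""
    found = FP_RE.search(displayed_line)
    if not found:
        return False
    shown = found.group(0).encode()
    return any(hmac.compare_digest(shown, fp.encode())
               for fp in fingerprints(trusted_pubkey_line))

# Constructed sample key (not a real host key): valid blob header plus filler bytes.
SAMPLE_KEY = "ssh-dss " + base64.b64encode(
    struct.pack(">I", 7) + b"ssh-dss" + bytes(range(64))).decode() + " sample"

if __name__ == "__main__":
    for fp in fingerprints(SAMPLE_KEY):
        print("DSA key fingerprint is " + fp + ".")
```

Enter yes at the confirmation prompt only when displayed_matches returns True for the line the Switch displayed.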