Providing the switch public key to clients

When an SSH client contacts the switch for the first time, the client will challenge the connection unless you have already copied the key into the client's "known host" file. Copying the switch key in this way reduces the chance that an unauthorized device can pose as the switch to learn your access passwords. The most secure way to acquire the switch public key for distribution to clients is to use a direct, serial connection between the switch and a management device (laptop, PC, or UNIX workstation), as described below.

The public key generated by the switch consists of three parts, separated by one blank space each:

A public key generated by the switch
  • A direct serial connection from a management station to the switch.

  • A terminal application such as HyperTerminal

  1. Use a terminal application such as HyperTerminal to display the switch public key with the show crypto host public-key command, see Displaying the public key.
  2. Bring up the SSH client's "known host" file in a text editor such as Notepad as straight ASCII text, and copy the switch public key into the file.
  3. Ensure that there are no changes or breaks in the text string. A public key must be an unbroken ASCII string. Line breaks are not allowed (changes in the line breaks will corrupt the Key.) For example, if you are using Windows® Notepad, ensure that Word Wrap (in the Edit menu) is disabled, and that the key text appears on a single line.
    Example of a correctly formatted public key
  4. Add any data required by your SSH client application. For example, before saving the key to an SSH client's "known hosts" file you may have to insert the switch IP address:
    Example of a switch public key edited to include the switch’s IP address

    For more on this topic, see the documentation provided with your SSH client application.