About the SSH server

SSH (Secure Shell) is a cryptographic protocol that encrypts all communication between devices.

Each switch VRF includes an SSH server. The SSH server on the mgmt VRF is enabled by default in software version 10.02 and higher, and disabled in version 10.01 and lower. Only the SSH servers included in the switch are supported.

The SSH server provides SSH client-to-switch communications, enabling SSH clients (at least SSH v2.0) to connect to the switch in order to manage it. The SSH server interfaces with the authentication service that provides local and/or remote AAA.

NOTE:

The SSH server performs a rekey operation for all open SSH sessions every hour or after 1 GB of data has been transferred, whichever occurs first. Rekeying addresses a common security concern: encryption/decryption keys should not be used for long periods of time. This limits the amount of data exposed in the unfortunate case where a key is exposed or refactored.

NOTE:

SSH public key authentication is separate from the SSH server. For information on SSH public key authentication, see Local authentication.