It is recommended not to use more than 50 concurrent SSH sessions.
Adding a Host and Providing an SSH Key
To add a host entry and its SSH key to the global known-hosts configuration file, do the following.
Change to Config mode.
switch > enable
switch # configure terminal
switch (config) #
Add an entry to the global known-hosts configuration file and its SSH value.
switch (config) # ssh client global known-host "myserver ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsXeklqc8T0EN2mnMcVcfhueaRYzIVqt4rVsrERIjmlJh4mkYYIa8hGGikNa+t5xw2dRrNxnHYLK51bUsSG1ZNwZT1Dpme3pAZeMY7G4ZMgGIW9xOuaXgAA3eBeoUjFdi6+1BqchWk0nTb+gMfI/MK/heQNns7AtTrvqg/O5ryIc="
Verify what keys exist in the host.
switch (config) # show ssh client
SSH client Strict Hostkey Checking: ask
SSH Global Known Hosts:
Entry 1: myserver
Finger Print: d5:d7:be:d7:6c:b1:e4:16:df:61:25:2f:b1:53:a1:06
No SSH user identities configured.
No SSH authorized keys configured.
RSA2 and DSA2 host keys are generated by default. The RSA2 key can be used for both the SSH server and the SSH client, while the DSA2 key can only be used for the SSH client.
When the switch is a server, use the RSA key to connect to the device.
When the switch is a client (e.g., downloading an image or uploading logs), the RSA key is recommended. The DSA key is only for legacy devices and has been deprecated by OpenSSH starting with the 7.0 release.
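Before pinning a key with "ssh client global known-host", it helps to confirm what the entry actually contains. The following Python script is an added example, not part of the original documentation: it parses the entry string shown above, checks that the declared key type matches the key blob, reports the RSA modulus size, and computes the fingerprints to compare with a value obtained from the server out of band. It assumes that the "Finger Print" printed by "show ssh client" is the colon-separated MD5 form, and the 2048-bit minimum is this example's own threshold.

```python
import base64
import hashlib
import struct

# Entry string from the "ssh client global known-host" command above.
ENTRY = ("myserver ssh-rsa "
         "AAAAB3NzaC1yc2EAAAABIwAAAIEAsXeklqc8T0EN2mnMcVcfhu"
         "eaRYzIVqt4rVsrERIjmlJh4mkYYIa8hGGikNa+t5xw2dRrNxnH"
         "YLK51bUsSG1ZNwZT1Dpme3pAZeMY7G4ZMgGIW9xOuaXgAA3eBe"
         "oUjFdi6+1BqchWk0nTb+gMfI/MK/heQNns7AtTrvqg/O5ryIc=")

def read_field(blob, offset):
    """Read one length-prefixed field (RFC 4253 string/mpint) from the key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_entry(entry):
    """Parse '<host> <keytype> <base64>' and return facts to check before pinning."""
    host, declared_type, b64 = entry.split()
    blob = base64.b64decode(b64, validate=True)
    inner_type, off = read_field(blob, 0)
    if inner_type.decode("ascii") != declared_type:
        raise ValueError("declared key type does not match key blob")
    bits = None
    if declared_type == "ssh-rsa":
        _exponent, off = read_field(blob, off)
        modulus, off = read_field(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "host": host,
        "type": declared_type,
        "rsa_bits": bits,
        # Assumption: same colon-separated MD5 form as "Finger Print" above.
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
        # Assumption: DSA keys and RSA keys under 2048 bits are flagged as weak.
        "weak": declared_type == "ssh-dss" or (bits is not None and bits < 2048),
    }

if __name__ == "__main__":
    print(inspect_entry(ENTRY))
```

Compare the printed fingerprints with ones obtained from the server over a trusted channel before adding the entry to the switch.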
Retrieving Return Codes When Executing Remote Commands
To make the CLI halt and return an error code when a command fails, do the following.
Connect to the system from the host using SSH.
Add the flag "-h" after "cli" to notify the system to halt on failure and pass through the exit code.
ssh <username>@<hostname> cli -h '"enable" "show interfaces brief"'