© Copyright Lenovo 2016 Chapter 4: Securing Administration 99To Load Switch Configuration Files from the SCP HostSyntax:Example:SSH and SCP Encryption of Management MessagesThe following encryption and authentication methods are supported for SSH andSCP: Server Host Authentication: Client RSA authenticates the switch at thebeginning of every connection Key Exchange: RSA Encryption: 3DES‐CBC, DES User Authentication: Local password authentication, RADIUSGenerating RSA Host Key for SSH AccessTo support the SSH host feature, an RSA host key is required. The host key is 2048bits and is used to identify the G8264.To configure RSA host key, first connect to the G8264 through the console port(commands are not available via external Telnet connection), and enter thefollowing command to generate it manually.When the switch reboots, it will retrieve the host key from the FLASH memory.Note: The switch will perform only one session of key/cipher generation at a time.Thus, an SSH/SCP client will not be able to log in if the switch is performing keygeneration at that time. Also, key generation will fail if an SSH/SCP client islogging in at that time.SSH/SCP Integration with Radius AuthenticationSSH/SCP is integrated with RADIUS authentication. After the RADIUS server isenabled on the switch, all subsequent SSH authentication requests will beredirected to the specified RADIUS servers for authentication. The redirection istransparent to the SSH clients.>> scp [ 4| 6] filename> @ IP address>:putimg1>> scp [ 4| 6] filename> @ IP address>:putimg2>> scp [ 4| 6] filename> @ IP address>:putboot>> scp 6.1.0_os.img scpadmin@205.178.15.157:putimg1RS G8264(config)# ssh generate host key
