Although this post does not deal with Cisco directly, Dell switches are around in network closets, and given my limited experience with them I thought this would be a perfect blog post to show the differences between Dell and Cisco. I like to think of the Dell CLI as a dumbed-down version of the Cisco CLI. I had some time to play around with a Dell 6248P switch and wanted to figure out how to get SSH working on it. After a couple of searches around the web and some guess-and-check, I was able to get SSH working and stop telnet sessions from connecting to the switch. Compared to a Cisco switch, Dell has few commands for configuring SSH. This switch was configured with an IP address, user name and passwords before I touched it, but I don’t think that would be too hard to figure out.
If, like me, you have never touched a Dell switch but have worked with the Cisco CLI, you’ll find that it is similar, which is a nice feature. I used telnet to remote into the switch, which is insecure and sends information in plain text, which is why we are moving to SSH. After typing the username and password I was greeted by a familiar prompt. I typed enable to get into privileged EXEC mode.
From there I found a command that displays the public keys on the device, if you have any. The command is show crypto key mypubkey (notice that no keys have been configured yet):
    EdgeSW0D#show crypto key mypubkey
    RSA Key is not Generated yet !
    DSA Key is not Generated yet !
From privileged EXEC mode I typed configure at the prompt. Once I was in there I found the crypto command and generated DSA keys with the following command: crypto key generate dsa
    EdgeSW0D#configure
    EdgeSW0D(config)#crypto key generate dsa
    DSA key generation started, this may take a few minutes................
    DSA key generation complete.
In configuration mode I also noticed the ip ssh server command, but once I hit enter I got the following error:
    EdgeSW0D(config)#ip ssh server
    SSH could not be enabled.
It took me a while to figure this issue out. I played around with another Dell switch, and from what I found online and my guess-and-check, I noticed that the command ip ssh server works only when both DSA and RSA keys are configured. The order does not matter as long as the switch has both of them. The Dell switch I used when writing this post was running the latest version, 3.3. Once I created RSA keys alongside the already created DSA keys, the command ip ssh server went through. To create RSA keys, use the same command but substitute RSA for DSA: crypto key generate rsa
    EdgeSW0D(config)#crypto key generate rsa
    RSA key generation started, this may take a few minutes.....
    RSA key generation complete.
    EdgeSW0D(config)#ip ssh server
Go ahead and leave the telnet session open and connect to the switch via SSH to verify SSH is working, so you don’t lock yourself out. I issued the command show sessions to see that I had two sessions with this switch: Telnet and SSH.
    EdgeSW0D#show sessions
    Connection Host                    Address                 Port
    ---------- ----------------------- ----------------------- -----------
    0          172.27.227.67           172.27.227.67           Telnet
    1          172.27.227.67           172.27.227.67           SSH
Once I verified that SSH was working, I could disable telnet so that only SSH connections are accepted, with the following command: ip telnet server disable
    EdgeSW0D#configure
    EdgeSW0D(config)#ip telnet server disable
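The two checks in this walkthrough (both key types before ip ssh server, a live SSH session before ip telnet server disable) can be written as a small parser over the switch output. This is an added example, not code from the original post: the function names are hypothetical, the sample text is constructed from the output shown above, and it assumes any key type not reported as "not Generated yet" is present.

```python
import re

# Constructed sample input, modelled on the switch output shown in this post.
PUBKEY_BEFORE = """\
RSA Key is not Generated yet !
DSA Key is not Generated yet !
"""
SESSIONS = """\
Connection Host                    Address                 Port
---------- ----------------------- ----------------------- -----------
0          172.27.227.67           172.27.227.67           Telnet
1          172.27.227.67           172.27.227.67           SSH
"""

def missing_host_keys(pubkey_output):
    """Key types that 'show crypto key mypubkey' reports as absent."""
    found = re.findall(r"^\s*(RSA|DSA) Key is not Generated yet",
                       pubkey_output, re.M)
    return sorted(k.lower() for k in found)

def session_types(sessions_output):
    """Set of session types (last column) listed by 'show sessions'."""
    types = set()
    for line in sessions_output.splitlines():
        fields = line.split()
        # Data rows start with a numeric connection index; skip headers.
        if len(fields) >= 4 and fields[0].isdigit():
            types.add(fields[-1].lower())
    return types

def plan(pubkey_output, sessions_output):
    """Config-mode commands that are safe to send next (hypothetical helper)."""
    missing = missing_host_keys(pubkey_output)
    cmds = ["crypto key generate " + k for k in missing]
    if "ssh" not in session_types(sessions_output):
        # 'ip ssh server' is refused until both DSA and RSA keys exist,
        # so it always comes after the key generation commands.
        cmds.append("ip ssh server")
    elif not missing:
        # An SSH login is already proven to work, so Telnet can be closed.
        cmds.append("ip telnet server disable")
    return cmds

if __name__ == "__main__":
    print(plan(PUBKEY_BEFORE, SESSIONS))
```

The planner never returns ip telnet server disable unless show sessions already lists an SSH session, which is the lock-out guard described above.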
That’s it! If you want a refresher on how Cisco does it, check the blog post I posted back in March, Configuring SSH. As always, I hope this information is helpful, and if you have an idea for the next topic let me know by posting below.