Wednesday, September 17, 2014

VRTX R1-2401 ssh & https

If you are logged in to your VRTX CMC over https and hit the "Launch I/O Module GUI" button for the internal switch, you are passed over to an http login page. HTTP. Not secure.

As my workaround, I ssh'ed to the CMC and ran "connect switch-1" to link into the VRTX switch.

From there, configuring secure settings for the switch is pretty easy, although I didn't see the commands all in one place, so here they are. Everything after // is my comment; do not copy-paste this directly.

# show crypto key  // show default ssh keys
# configure // config mode
(config)# crypto key generate rsa  // regenerate ssh RSA host key
(config)# crypto key generate dsa  // regenerate ssh DSA host key
(config)# ip ssh server // enables ssh server service
(config)# crypto certificate 1 generate key-generate // generate https certificate 1 with a new key
(config)# ip https certificate 1 // use certificate 1 for https
(config)# ip http secure-server // enables https server service
(config)# no ip telnet server // turn off telnet service
(config)# no ip http server // turn off http access
(config)# exit
# copy running-config startup-config // ALWAYS

Also, the best link for VRTX manuals, from a Dell Support guy, is here: Drink me

The "Launch I/O Module GUI" button isn't smart enough to pass you on to https, and since we've turned off http, it'll just die. But you'll have the IP and should be able to figure it out from there.
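To confirm the commands above took effect, a check like this can be run from an admin workstation against the switch IP. It is an added example, not part of the original post; it assumes the switch listens on the default ports (22, 443, 23, 80), and the function names are made up for illustration.

```python
import socket
import sys

# Assumption: default service ports. Adjust if the switch was moved off them.
# port -> (service name, should it be listening after the hardening?)
EXPECTED = {
    22: ("ssh", True),
    443: ("https", True),
    23: ("telnet", False),
    80: ("http", False),
}


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered and timed out all count as "not reachable".
        return False


def audit_switch(host, probe=tcp_open):
    """Compare reachable services with the hardened state from the post.

    Returns a list of (service, port, problem) tuples, ordered by port.
    An empty list means ssh/https answer and telnet/http do not.
    """
    findings = []
    for port, (name, should_listen) in sorted(EXPECTED.items()):
        is_open = probe(host, port)
        if is_open and not should_listen:
            findings.append((name, port, "still reachable, should be disabled"))
        elif not is_open and should_listen:
            findings.append((name, port, "not reachable, should be enabled"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_switch.py <switch-ip>")
    problems = audit_switch(sys.argv[1])
    for name, port, problem in problems:
        print(f"{name} ({port}/tcp): {problem}")
    sys.exit(1 if problems else 0)
```

Run it again after a switch reboot: if the running-config was never copied to startup-config, telnet and http will show up as reachable again.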