6-20
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
For example, assume that you have a client public-key file named Client-
Keys.pub (on a TFTP server at 10.33.18.117) ready for downloading to the
switch. For SSH access to the switch you want to allow only clients having a
private key that matches a public key found in Client-Keys.pub. For Manager-
level (enable) access for successful SSH clients you want to use TACACS+ for
primary password authentication and local for secondary password authenti-
cation, with a Manager username of "1eader" and a password of "m0ns00n".
To set up this operation you would configure the switch in a manner similar
to the following:
Figure 6-12. Configuring for SSH Access Requiring a Client Public-Key Match and Manager Passwords
Syntax: copy tftp pub-key-file < ip-address > < filename >
Copies a public key file into the switch.
aaa authentication ssh login public-key < none >
Configures the switch to authenticate a client public-key for
primary login (Operator) access.
When the primary method is public-key, the secondary
method is always none, which may or may not be specified.
Syntax: aaa authentication ssh enable < local | tacacs | radius > < local | none >
Configures a password method for the primary and second-
ary enable (Manager) access. If you do not specify an
optional secondary method, it defaults to none.
If the primary method is local, the secondary method is
always none, which may or may not be specified.
Configures Manager user-
name and password.
Configures the
switch to allow
SSH access only a
client whose
public key
matches one of the
keys in the public
key file
Configures the primary and
secondary password methods for
Manager (enable) access. (Becomes
available after SSH access is granted
Copies a public key file
named "Client-Keys.pub"
into the switch.
To Next Page
Loading...
Need help?
General