6-19
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Option B: Configuring the Switch for Client Public-Key SSH
Authentication. If configured with this option, the switch uses its public
key to authenticate itself to a client, but the client must also provide a client
public-key for the switch to authenticate. This option requires the additional
step of copying a client public-key file from a TFTP server into the switch. This
means that before you can use this option, you must:
1. Create a key pair on an SSH client.
2. Copy the client’s public key into a public-key file (which can contain up
to ten client public-keys).
3. Copy the public-key file into a TFTP server accessible to the switch and
download the file to the switch.
(For more on these topics, refer to “Further Information on SSH Client Public-
Key Authentication” on page 6-22.)
With steps 1 - 3, above, completed and SSH properly configured on the switch,
if an SSH client contacts the switch, login authentication automatically occurs
first, using the switch and client public-keys. After the client gains login
access, the switch controls client access to the manager level by requiring the
passwords configured earlier by the aaa authentication ssh enable command.
Syntax: aaa authentication ssh login < local | tacacs | radius >[< local | none >]
Configures a password method for the primary and second-
ary login (Operator) access. If you do not specify an optional
secondary method, it defaults to none.
Note: If the primary access is local, the secondary access
cannot be local.
aaa authentication ssh enable < local | tacacs | radius>[< local | none >]
Configures a password method for the primary and second-
ary enable (Manager) access. If you do not specify an
optional secondary method, it defaults to none.
Note: If the primary access is local, the secondary access
cannot be local.
To Next Page
Loading...
Need help?
General