Filter
Top Products
22 CCM Installer/User Guide
A user’s access rights are determined from the authentication method used. SSH key authentication
always uses the access rights from the local user database. Depending on the server authentication
mode specified with the Server Security command, SSH password authentication will use either the
access rights from the local user database or the values returned by the RADIUS server.
With either of the “or” methods (PW|KEY and KEY|PW), the user access rights are determined
from the method used to authenticate the user.
With either of the “and” methods (PW&KEY and KEY&PW), the user access rights are
determined from the first method specified. If PW&KEY is specified, the access rights from the
password authentication will be used. If KEY&PW is specified, the access rights from the key
authentication will be used.
For more information, see Using Authentication Methods on page 30.
SSH user keys
A user’s SSH key is specified in a User Add or User Set command. You may define a key even if
SSH is not currently enabled. The key may be specified in one of two ways:
• When using the SSHKEY and FTPIP keyword pair to define the network location of a user’s
SSH key file, the SSHKEY parameter specifies the name of the uuencoded (Unix to Unix
encoded) public key file on an FTP server. The maximum file size that can be received is 4K
bytes. The FTPIP parameter specifies the FTP server’s IP address.
When this method is specified, the CCM appliance initiates an FTP client request to the
specified IP address. The CCM appliance then prompts the user for an FTP username and
password for connection. When connected, the CCM appliance will GET the specified key file
and the FTP connection will be closed. The CCM appliance then stores the SSH key with the
username in the CCM user database.
• When using the KEY keyword to specify the SSH key, the KEY parameter specifies the actual
uuencoded SSH key. This is for configurations that do not implement an FTP server. The CCM
appliance stores the specified key in the CCM user database.
The CCM appliance processes a uuencoded SSH2 public key file with the format described in the
IETF document draft-ietf-secshpublickeyfile-02. The key must follow all format requirements. The
UNIX ssh-keygen2 generates this file format. The CCM appliance also processes a uuencoded
SSH1 public key file. The UNIX ssh-keygen generates this file format.
PW&KEY or KEY&PW
SSH connections will be authenticated using both a username/password and an
SSH key. With this method, a user’s definition must include a password and SSH key
information for that user to authenticate an SSH session.
PW authentication will be local or RADIUS as specified in the Auth parameter of the
Server Security command. Key authentication is always local.
Table 3.3: SSH Authentication Methods (Continued)
Method Description