Chapter 3: Operations 25
Server Security command, SSH password authentication will use either
the access rights from the local user database or the values returned by the
RADIUS server.
With either of the “or” methods (PW|KEY and KEY|PW), the user access rights
are determined from the method used to authenticate the user.
With either of the “and” methods (PW&KEY and KEY&PW), the user access
rights are determined from the first method specified. If PW&KEY is specified,
the access rights from the password authentication will be used. If KEY&PW is
specified, the access rights from the key authentication will be used.
For more information, see Using Authentication Modes in this chapter.
SSH user keys
A user’s SSH key is specified in a User Add or User Set command. You may
define a key even if SSH is not currently enabled. The key may be specified in
one of two ways:
• When using the SSHKEY and FTPIP keyword pair to defi ne the network
location of a user’s SSH key fi le, the SSHKEY parameter specifi es the
name of the uuencoded (UNIX to UNIX encoded) public key fi le on an
FTP server. The maximum fi le size that can be received is 4K bytes. The
FTPIP parameter specifi es the FTP server’s IP address.
When this method is specifi ed, the CCM initiates an FTP client request to
the specifi ed IP address. The CCM then prompts the user for an FTP user-
name and password for connection. When connected, the CCM will GET
the specifi ed key fi le and the FTP connection will be closed. The CCM
then stores the SSH key with the username in the CCM user database.
• When using the KEY keyword to specify the SSH key, the KEY param-
eter specifi es the actual uuencoded SSH key. This is for confi gurations
that do not implement an FTP server. The CCM stores the specifi ed key
in the CCM user database.
The CCM processes a uuencoded SSH2 public key file with the format
described in the IETF document draft-ietf-secshpublickeyfile-02. The key must
follow all format requirements. The UNIX ssh-keygen2 generates this file
format. The CCM also processes a uuencoded SSH1 public key file. The UNIX
ssh-keygen generates this file format.
You may also generate SSH user keys via AVWorks. See the AVWorks Installer/
User Guide.