Configuring Secure Shell (SSH)
Steps for Configuring and Using SSH for Switch and Client Authentication
Steps for Configuring and Using SSH for
Switch and Client Authentication
For two-way authentication between the switch and an SSH client, you must
use the login (Operator) level.
Table 6-1. SSH Options
Switch
Access
Level
Primary SSH
Authentication
Authenticate
Switch Public Key
to SSH Clients?
Authenticate
Client Public Key
to the Switch?
Primary Switch
Password
Authentication
Secondary Switch
Password
Authentication
Operator
(Login)
Level
ssh login rsa Yes Yes
1
No
1
local or none
ssh login Local Yes No Yes local or none
ssh login TACACS Yes No Yes local or none
ssh login RADIUS Yes No Yes local or none
Manager
(Enable)
Level
ssh enable local Yes No Yes local or none
ssh enable tacacs Yes No Yes local or none
ssh enable radius Yes No Yes local or none
1
For ssh login public-key, the switch uses client public-key authentication instead of the switch password options for
primary authentication.
The general steps for configuring SSH include:
A. Client Preparation
1. Install an SSH client application on a management station you want
to use for access to the switch. (Refer to the documentation provided
with your SSH client application.)
2. Optional—If you want the switch to authenticate a client public-key
on the client:
a. Either generate a public/private key pair on the client computer
(if your client application allows) or import a client key pair that
you have generated using another SSH application.
b. Copy the client public key into an ASCII file on a TFTP server
accessible to the switch and download the client public key file to
the switch. (The client public key file can hold up to ten client
keys.) This topic is covered under
“To Create a Client-Public-Key
Text File” on page 6-23.
6-6