6-7
Configuring Secure Shell (SSH)
Steps for Configuring and Using SSH for Switch and Client Authentication
B. Switch Preparation
1. Assign a login (Operator) and enable (Manager) password on the
switch (page 6-9).
2. Generate a public/private key pair on the switch (page 6-10).
You need to do this only once. The key remains in the switch even if
you reset the switch to its factory-default configuration. (You can
remove or replace this key pair, if necessary.)
3. Copy the switch’s public key to the SSH clients you want to access
the switch (page 6-12).
4. Enable SSH on the switch (page 6-15).
5. Configure the primary and secondary authentication methods you
want the switch to use. In all cases, the switch will use its host-public-
key to authenticate itself when initiating an SSH session with a client.
• SSH Login (Operator) options:
– Option A:
Primary: Local, TACACS+, or RADIUS password
Secondary: Local password or none
– Option B:
Primary: Client public-key authentication (login public-
key — page 6-21)
Secondary: Local password or none
Note that if you want the switch to perform client public-key
authentication, you must configure the switch with Option B.
• SSH Enable (Manager) options:
Primary: Local, TACACS+, or RADIUS
Secondary: Local password or none
6. Use your SSH client to access the switch using the switch’s IP address
or DNS name (if allowed by your SSH client application). Refer to the
documentation provided with the client application.