Filter
Top Products
6-19
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Option B: Configuring the Switch for Client Public-Key SSH
Authentication. If configured with this option, the switch uses its public
key to authenticate itself to a client, but the client must also provide a client
public-key for the switch to authenticate. This option requires the additional
step of copying a client public-key file from a TFTP server into the switch. This
means that before you can use this option, you must:
1. Create a key pair on an SSH client.
2. Copy the client’s public key into a public-key file (which can contain up
to ten client public-keys).
3. Copy the public-key file into a TFTP server accessible to the switch and
download the file to the switch.
(For more on these topics, refer to “Further Information on SSH Client Public-
Key Authentication” on page 6-23.)
Syntax: aaa authentication ssh login < local | tacacs | radius >[< local | none >]
Configures a password method for the primary and second-
ary login (Operator) access. If you do not specify an optional
secondary method, it defaults to none. If the primary pass-
word method is local, you cannot use local for the secondary
password method.
aaa authentication ssh enable < local | tacacs | radius>[< local | none >]
Configures a password method for the primary and second-
ary enable (Manager) access. If you do not specify an
optional secondary method, it defaults to none. If the primary
password method is local, you cannot use local for the sec-
ondary password method.