Introduction Configuring SSH
Software Reference for SwitchBlade x3100 Series Switches (Access and Security)
6-138
Note: The default for each is ‘password’, meaning a password is required for login. If both ALLOWEDAUTH
and REQUIREDAUTH parameters have a value, the REQUIREDAUTH parameter takes precedence
The user can use two methods for enabling SSH:
• Host-based access (user supplies his/her own password and uses the public key from the SBx3112).
• Client-based access (user may or may not have to provide a password, but the SBx3112 uses the client pub-
lic key for authentication).
When using the host-based authentication approach, you just need to have the hostkey defined and have
REQUIREDAUTH set, at a minimum, to ‘password’. After that, the client will authenticate using the host key
and will require the user to enter a password
When using a client-based authentication approach, the REQUIREDAUTH must be equal to publickey.
Adding a user involves:
• Generating and downloading the user’s public key
• Adding the key to the server’s key database
• Adding and configuring the user account
The user’s public key can be created externally, downloaded to the server with the GET FILE command, and
then added to the server’s key database with the CREATE SSH KEY command. The user account is then cre-
ated with the ADD USER command. Once the user account is created, the Security Officer can modify the
user account settings with the SET USER command. Users can modify their password with the SET PASS-
WORD command.
6.10.2.3 Configuration Procedure
The following procedure shows the commands used to configure SSH.
TABLE 6-21 Configuration procedure for SSH
Step Command Description
Create the HOST KEY with the name master and with a length of 512 bits. Describe it as the SSH Master Key.
1
CREATE SSH KEY=master LENGTH=512
TYPE=3DESCBC
DESCRIPTION=”SSH Master Host key”
Enable the SSH Server and assign to it the HOST KEY
2
ENABLE SSH SERVER HOSTKEY=master
Configure authentication to use a password and , if desired, a public key (for client-based access).
To Next Page
Loading...
