C
HAPTER
24
| Authentication Commands
Secure Shell
– 841 –
c. If a match is found, the switch uses its secret key to generate
a random 256-bit string as a challenge, encrypts this string
with the user’s public key, and sends it to the client.
d. The client uses its private key to decrypt the challenge string,
computes the MD5 checksum, and sends the checksum back
to the switch.
e. The switch compares the checksum sent from the client
against that computed for the original string it sent. If the two
check sums match, this means that the client's private key
corresponds to an authorized public key, and the client is
authenticated.
Authenticating SSH v2 Clients
a. The client first queries the switch to determine if DSA public
key authentication using a preferred algorithm is acceptable.
b. If the specified algorithm is supported by the switch, it notifies
the client to proceed with the authentication process.
Otherwise, it rejects the request.
c. The client sends a signature generated using the private key
to the switch.
d. When the server receives this message, it checks whether the
supplied key is acceptable for authentication, and if so, it then
checks whether the signature is correct. If both checks
succeed, the client is authenticated.
N
OTE
:
The SSH server supports up to four client sessions. The maximum
number of client sessions includes both current Telnet sessions and SSH
sessions.
N
OTE
:
The SSH server can be accessed using any configured IPv4 or IPv6
interface address on the switch.
ip ssh
authentication-
retries
This command configures the number of times the SSH server attempts to
reauthenticate a user. Use the no form to restore the default setting.
SYNTAX
ip ssh authentication-retries count
no ip ssh authentication-retries
count – The number of authentication attempts permitted after
which the interface is reset. (Range: 1-5)
DEFAULT SETTING
3
COMMAND MODE
Global Configuration
To Next Page
Loading...
Need help?
General
