Configuring Secure Shell (SSH)
Steps for Configuring and Using SSH for Switch and Client Authentication
Steps for Configuring and Using SSH
for Switch and Client Authentication
For two-way authentication between the switch and an SSH client, you must
use the login (Operator) level.
Table 7-1. SSH Options
Switch
Access
Authentication
Authenticate Authenticate Secondary Switch
Authentication
1
No
1
Level
Primary SSH
Switch Public Key
to SSH Clients?
Client Public Key
to the Switch?
Primary Switch
Password
Authentication
Password
Yes
Operator ssh login rsa Yes local or none
(Login)
ssh login Local Yes No Yes local or none
Level
ssh login TACACS Yes No Yes local or none
ssh login RADIUS Yes No Yes local or none
Manager ssh enable local Yes No Yes local or none
(Enable)
ssh enable tacacs Yes No Yes local or none
Level
ssh enable radius Yes No Yes local or none
1
For ssh login public-key, the switch uses client public-key authentication instead of the switch password options for
primary authentication.
The general steps for configuring SSH include:
A. Client Preparation
1. Install an SSH client application on a management station you want
to use for access to the switch. (Refer to the documentation provided
with your SSH client application.)
2. Optional—If you want the switch to authenticate a client public-key
on the client:
a. Either generate a public/private key pair on the client computer
(if your client application allows) or import a client key pair that
you have generated using another SSH application.
b. Copy the client public key into an ASCII file on a TFTP server
accessible to the switch and download the client public key file to
the switch. (The client public key file can hold up to 10 client keys.)
This topic is covered under
“To Create a Client-Public-Key Text
File” on page 7-23.
7-6
To Next Page
Loading...
