Configuring Secure Shell (SSH)
More Information on SSH Client Public-Key Authentication
2. Copy the client’s public key (in ASCII, non-encoded format) into a text file
(filename.txt). (For example, you can use the Notepad editor included with
the Microsoft® Windows® software.) If you want several clients to use
client public-key authentication, copy a public key for each of these
clients (up to ten) into the file. Each key should be separated from the
preceding key by a <CR><LF>.
3. Copy the client-public-key file into a TFTP server accessible to the switch.
Copying a client-public-key into the switch requires the following:
- One or more client-generated public keys in non-encoded ASCII
  format. If you are using an SSHv2 client application, a client may
  encode its public key in PEM format. To use the client public-key
  feature, you will need to convert the key to a non-encoded ASCII
  format. Refer to the documentation provided with your SSH client
  application.
- A copy of each client public key (up to ten) stored in a single text file
  on a TFTP server to which the switch has access. (The text file should
  contain all client public keys for the clients you want to have access
  to the switch.) Terminate all client public-keys in the file except the
  last one with a <CR><LF>.
Note on Public Keys
The actual content of a public key entry in a public key file is determined by
the SSH client application generating the key, although you can manually add
or edit any comments the client application adds to the end of the key (such
as the smith@fellow at the end of the key in figure 4-15 on page 4-23).
The file on the TFTP server must contain non-encoded ASCII text of each
public key you want copied. Also, the file must be a text file (such as
filename.txt).
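The file layout described above can be checked before the file is placed on the TFTP server. The following Python sketch is an added example, not part of the switch documentation: the function names, the sample key strings (constructed placeholders, not real keys), the one-key-per-line rule and the header markers used to spot encoded keys are all assumptions made for illustration.

```python
"""Build and check a client-public-key file in the layout this page describes."""

MAX_KEYS = 10      # the page allows up to ten client public keys per file
CRLF = b"\r\n"     # <CR><LF> goes between keys, not after the last one

# Assumption: an encoded key file starts with one of these header markers
# (PEM, or the SSH2 public key file format).
ENCODED_MARKERS = ("-----BEGIN", "---- BEGIN")

# Constructed sample entries; the key data is a placeholder, not a real key.
SAMPLE_KEYS = [
    "CONSTRUCTED-KEY-DATA-0001 smith@fellow",
    "CONSTRUCTED-KEY-DATA-0002 jones@fellow",
]


def build_pub_key_file(keys):
    """Return file bytes: one key per line, CRLF between keys, none at the end.

    Raises ValueError if a key is empty, encoded, multi-line or non-ASCII,
    or if the number of keys is outside 1..MAX_KEYS.
    """
    cleaned = []
    for index, key in enumerate(keys, start=1):
        text = key.strip()
        if not text:
            raise ValueError(f"key {index} is empty")
        if text.startswith(ENCODED_MARKERS):
            raise ValueError(f"key {index} is encoded; convert it first")
        if "\r" in text or "\n" in text:
            raise ValueError(f"key {index} spans several lines")
        if not text.isascii():
            raise ValueError(f"key {index} contains non-ASCII characters")
        cleaned.append(text.encode("ascii"))
    if not 1 <= len(cleaned) <= MAX_KEYS:
        raise ValueError(f"expected 1 to {MAX_KEYS} keys, got {len(cleaned)}")
    return CRLF.join(cleaned)


def check_pub_key_file(data):
    """Parse existing file bytes and return its keys, or raise ValueError.

    A trailing <CR><LF>, bare LF line endings or stray whitespace all fail.
    """
    keys = data.decode("ascii").split("\r\n")
    if build_pub_key_file(keys) != data:
        raise ValueError("stray whitespace around a key")
    return keys


if __name__ == "__main__":
    print(check_pub_key_file(build_pub_key_file(SAMPLE_KEYS)))
```

Running `check_pub_key_file` on a file saved from a text editor catches the two most likely mistakes: a terminator after the last key and line endings that are not <CR><LF>.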
Syntax: copy tftp pub-key-file <ip-address> <filename>
    Copies a public key file from a TFTP server into flash
    memory in the switch.

    show ip client-public-key [ babble | fingerprint ]
    Displays the client public key(s) in the switch’s current
    client-public-key file.
    The babble option converts the key data to a phonetic
    hash that is easier for visual comparisons.
    The fingerprint option converts the key data to a
    hexadecimal hash for the same purpose.