4-25
Configuring Secure Shell (SSH)
MoreInformation on SSH Client Public-Key Authentication
For example, if you wanted to copy a client public-key file named clientkeys.txt
from a TFTP server at 10.38.252.195 and then display the file contents:
Figure 4-16. Example of Copying and Displaying a Client Public-Key File Containing Two Client Public Keys
Replacing or Clearing the Public Key File. The client public-key file
remains in the switch’s flash memory even if you erase the startup-config file,
reset the switch, or reboot the switch.
You can replace the existing client public-key file by copying a new
client public-key file into the switch
You can remove the existing client public-key file by executing the
clear public-key command.
Syntax: clear public-key
Deletes the client-public-key from the switch.
For example:
HPswitch(config)# clear public-key
HPswitch(config)# show ip client-public-key
show_client_public_key: cannot stat keyfile
Clearing the public key file removes file from flash memory, and does not
require a write memory command to make the change permanent.
Enabling Client Public-Key Authentication. After you TFTP a client-
public-key file into the switch (described above), you can configure the switch
to allow one of the following:
If an SSH client’s public key matches the switch’s client-public-key
file, allow that client access to the switch. If there is not a public-key
match, then deny access to that client.
If an SSH client’s public key does not have a match in the switch’s
client-public-key file, allow the client access if the user can enter the
switch’s login (Operator) password. (If the switch does not have an
Operator password, then deny access to that client.
!FishSecurity.book Page 25 Thursday, October 10, 2002 9:19 PM
To Next Page
Loading...
