24CCM840/1640 Installer/User Guide

Authenticating an SSH user

SSH is enabled and disabled with the Server SSH command. When you enable SSH, you may specify the authentication method(s) that will be used for SSH connections. The method may be a password, an SSH key or both. A user’s password and SSH key are specified with a User Add or User Set command. All SSH keys must be RSA keys. DSA keys are not supported.

The following table lists and describes the valid SSH authentication methods that may be specified with a Server SSH command.

SSH Authentication Methods

Method

Description

PW (default)

SSH connections will be authenticated with a username/

 

password. With this method, a user’s defi nition must include

 

a valid password in order for that user to authenticate an SSH

 

session. A password may authenticate to a RADIUS server or to

 

the local user database.

 

 

KEY

SSH connections will be authenticated with an SSH key. With this

 

method, a user’s defi nition must include valid SSH key information

 

in order for that user to authenticate an SSH session. Key

 

authentication is always local; RADIUS is not supported. For more

 

information, see SSH user keys in this chapter.

 

 

PWKEY or KEYPW

SSH connections will be authenticated with either a username/

 

password or an SSH key. If a user has only a password defi ned, that

 

user must authenticate an SSH session with a username/password.

 

If a user has only an SSH key defi ned, that user must authenticate

 

an SSH session using the key. If a user has both a password and an

 

SSH key defi ned, that user may use either a username/password or

 

the SSH key to authenticate an SSH session. This method allows the

 

CCM administrator to defi ne how each user will authenticate an SSH

 

session based on information provided in the User Add/Set command.

 

PW authentication will be local or RADIUS as specifi ed in the Auth

 

parameter of the Server Security command. Key authentication is

 

always local.

 

 

PW&KEY or KEY&PW

SSH connections will be authenticated using both a username/

 

password and an SSH key. With this method, a user’s defi nition

 

must include a password and SSH key information for that user to

 

authenticate an SSH session.

 

PW authentication will be local or RADIUS as specifi ed in the Auth

 

parameter of the Server Security command. Key authentication is

 

always local.

 

 

A user’s access rights are determined from the authentication method used. SSH key authentication always uses the access rights from the local user database. Depending on the server authentication mode specified with the