24CCM840/1640 Installer/User Guide
Authenticating an SSH user
SSH is enabled and disabled with the Server SSH command. When you enable SSH, you may specify the authentication method(s) that will be used for SSH connections. The method may be a password, an SSH key or both. A user’s password and SSH key are specified with a User Add or User Set command. All SSH keys must be RSA keys. DSA keys are not supported.
The following table lists and describes the valid SSH authentication methods that may be specified with a Server SSH command.
SSH Authentication MethodsMethod | Description |
PW (default) | SSH connections will be authenticated with a username/ |
| password. With this method, a user’s defi nition must include |
| a valid password in order for that user to authenticate an SSH |
| session. A password may authenticate to a RADIUS server or to |
| the local user database. |
|
|
KEY | SSH connections will be authenticated with an SSH key. With this |
| method, a user’s defi nition must include valid SSH key information |
| in order for that user to authenticate an SSH session. Key |
| authentication is always local; RADIUS is not supported. For more |
| information, see SSH user keys in this chapter. |
|
|
PWKEY or KEYPW | SSH connections will be authenticated with either a username/ |
| password or an SSH key. If a user has only a password defi ned, that |
| user must authenticate an SSH session with a username/password. |
| If a user has only an SSH key defi ned, that user must authenticate |
| an SSH session using the key. If a user has both a password and an |
| SSH key defi ned, that user may use either a username/password or |
| the SSH key to authenticate an SSH session. This method allows the |
| CCM administrator to defi ne how each user will authenticate an SSH |
| session based on information provided in the User Add/Set command. |
| PW authentication will be local or RADIUS as specifi ed in the Auth |
| parameter of the Server Security command. Key authentication is |
| always local. |
|
|
PW&KEY or KEY&PW | SSH connections will be authenticated using both a username/ |
| password and an SSH key. With this method, a user’s defi nition |
| must include a password and SSH key information for that user to |
| authenticate an SSH session. |
| PW authentication will be local or RADIUS as specifi ed in the Auth |
| parameter of the Server Security command. Key authentication is |
| always local. |
|
|
A user’s access rights are determined from the authentication method used. SSH key authentication always uses the access rights from the local user database. Depending on the server authentication mode specified with the