18 CPS Installer/User Guide
Table 3.2: SSH Authentication Methods (Continued)

| Method | Description |
|---|---|
| PWKEY or KEYPW | SSH connections will be authenticated with either a username/password or an SSH key. If a user has only a password defined, that user must authenticate an SSH session with a username/password. If a user has only an SSH key defined, that user must authenticate an SSH session using the key. If a user has both a password and an SSH key defined, that user may use either a username/password or the SSH key to authenticate an SSH session. This method allows the administrator to define how each user will authenticate an SSH session based on information provided in the User Add/Set command. PW authentication will be local, RADIUS or DS as specified in the Auth parameter of the Server Security command. Key authentication is always local. |
| PW&KEY or KEY&PW | SSH connections will be authenticated using both a username/password and an SSH key. With this method, a user’s definition must include a password and SSH key information for that user to authenticate an SSH session. PW authentication will be local, RADIUS or DS as specified in the Auth parameter of the Server Security command. Key authentication is always local. |
A user’s access rights are determined from the authentication method used. SSH key authentication always uses the access rights from the local user database. Depending on the server authentication method specified with the Server Security command, SSH password authentication will use either the access rights from the local user database, the DSView software server or the values returned by the RADIUS server.
With either of the “or” methods (PWKEY and KEYPW), the user access rights are determined from the method used to authenticate the user.
With either of the “and” methods (PW&KEY and KEY&PW), the user access rights are determined from the first method specified. If PW&KEY is specified, the access rights from the password authentication will be used. If KEY&PW is specified, the access rights from the key authentication will be used.
For more information, see Using Authentication Methods on page 24.
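The rules above decide which database grants a session its access rights, which matters when auditing a configuration. The following model is an added example, not CPS firmware or CLI code; the function names and the LOCAL/DS/RADIUS labels are hypothetical, and `defined` is assumed to mean the credentials available for that user.

```python
# Added example: a model of the rules in Table 3.2, not CPS code.
# All names here (rights_source, audit, PW_BACKENDS) are hypothetical.

# Source of access rights for password authentication, keyed by the Auth
# setting of the Server Security command (keys are constructed labels).
PW_BACKENDS = {
    "LOCAL": "local user database",
    "DS": "DSView software server",
    "RADIUS": "RADIUS server",
}
KEY_BACKEND = "local user database"  # key authentication is always local
OR_METHODS = ("PWKEY", "KEYPW")
AND_METHODS = ("PW&KEY", "KEY&PW")


def rights_source(method, defined, verified, server_auth):
    """Return the access-rights source for a session, or None if refused.

    defined  -- credentials the user has, subset of {"PW", "KEY"} (assumption)
    verified -- credentials the session successfully presented
    """
    sources = {"PW": PW_BACKENDS[server_auth], "KEY": KEY_BACKEND}
    if not verified <= defined:
        return None  # a credential the user lacks cannot be verified
    if method in OR_METHODS:
        # Exactly one credential is used; rights follow that credential.
        if len(verified) != 1:
            return None
        return sources[next(iter(verified))]
    if method in AND_METHODS:
        # Both credentials are required; rights follow the first one named.
        if verified != {"PW", "KEY"}:
            return None
        return sources[method.split("&")[0]]
    raise ValueError(f"unknown method: {method}")


def audit(server_auth):
    """Map each method to its rights source for a user with both credentials."""
    both = {"PW", "KEY"}
    rows = {m: rights_source(m, both, both, server_auth) for m in AND_METHODS}
    for method in OR_METHODS:
        for used in ("PW", "KEY"):
            rows[f"{method} via {used}"] = rights_source(
                method, both, {used}, server_auth)
    return rows
```

Calling `audit("RADIUS")` shows that KEY&PW still takes access rights from the local user database even though the password is checked by RADIUS, while PW&KEY takes them from the RADIUS server.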
SSH user keys
A user’s SSH key is specified in a User Add or User Set command. You may define a key even if SSH is not currently enabled. The key may be specified in one of two ways:
• When using the SSHKEY and FTPIP keyword pair to define the network location of a user’s SSH key file, the SSHKEY parameter specifies the name of the uuencoded (Unix to Unix encoded) public key file on an FTP server. The maximum file size that can be received is 4K bytes. The FTPIP parameter specifies the FTP server’s IP address.
When this method is specified, the CPS appliance initiates an FTP client request to the specified IP address. The CPS appliance then prompts the user for an FTP username and password for connection. When connected, the CPS appliance will GET the specified key file