Enhancements in Release F.04.08

Configuring Secure Shell (SSH)

keys by default, check the application software for a key conversion utility or use a third-party key conversion utility.

[Figure 28 callouts: "Comment describing public key identity." and "Beginning of actual SSHv2 public key in PEM-Encoded ASCII format."]

Figure 28. Example of Public Key in PEM-Encoded ASCII Format Common for SSHv2 Clients

[Figure 29 callouts: "Key Size" and "Modulus"]

Figure 29. Example of Public Key in Non-Encoded ASCII Format (Common for SSHv1 Client Applications)
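The two layouts captioned in Figures 28 and 29 carry the same RSA values, so converting between them is a matter of decoding and re-printing. The following Python code is an added example, not taken from the original manual or from any vendor utility: it decodes an SSHv2 public key block and renders it as a single non-encoded ASCII line. It assumes the RFC 4716 block layout for the SSHv2 form and the conventional SSHv1 field order (key size, exponent, modulus, comment); the function names and the sample key are constructed for illustration.

```python
import base64
import struct

# Constructed sample (toy 56-bit modulus, not a usable key), laid out per RFC 4716.
SAMPLE = """---- BEGIN SSH2 PUBLIC KEY ----
Comment: "constructed-example-key"
AAAAB3NzaC1yc2EAAAADAQABAAAACADDWnsdnkTx
---- END SSH2 PUBLIC KEY ----"""

def _read_field(blob, offset):
    """Read one field: 4-byte big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[offset + 4:end], end

def parse_ssh2_rsa_public_key(text):
    """Return (comment, bits, exponent, modulus) from an SSH2 public key block."""
    comment, body, inside = "", [], False
    for line in (raw.strip() for raw in text.strip().splitlines()):
        if line.startswith("---- BEGIN SSH2 PUBLIC KEY"):
            inside = True
        elif line.startswith("---- END SSH2 PUBLIC KEY"):
            break
        elif inside and line.lower().startswith("comment:"):
            comment = line.split(":", 1)[1].strip().strip('"')
        elif inside and line and ":" not in line:
            body.append(line)  # base64 payload; other headers are skipped
    blob = base64.b64decode("".join(body), validate=True)
    key_type, pos = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an RSA key: %r" % key_type)
    e_bytes, pos = _read_field(blob, pos)
    n_bytes, pos = _read_field(blob, pos)
    if pos != len(blob):
        raise ValueError("trailing data after modulus")
    modulus = int.from_bytes(n_bytes, "big")
    return comment, modulus.bit_length(), int.from_bytes(e_bytes, "big"), modulus

def to_non_encoded_ascii(text):
    """Render the key on one line as: bits exponent modulus comment."""
    comment, bits, exponent, modulus = parse_ssh2_rsa_public_key(text)
    return ("%d %d %d %s" % (bits, exponent, modulus, comment)).rstrip()

if __name__ == "__main__":
    print(to_non_encoded_ascii(SAMPLE))
```

Comparing the decoded key size and modulus against what the client reports is a quick way to confirm that a converted key is the one you intended to install.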

Steps for Configuring and Using SSH for Switch and Client Authentication

For two-way authentication between the switch and an SSH client, you must use the login (Operator) level.

Table 7. SSH Options

| Switch Access Level | Primary SSH Authentication | Authenticate Switch Public Key to SSH Clients? | Authenticate Client Public Key to the Switch? | Primary Switch Password Authentication | Secondary Switch Password Authentication |
|---|---|---|---|---|---|
| Operator (Login) Level | ssh login rsa | Yes | Yes¹ | No¹ | local or none |
| Operator (Login) Level | ssh login Local | Yes | No | Yes | local or none |
| Operator (Login) Level | ssh login TACACS | Yes | No | Yes | local or none |
| Operator (Login) Level | ssh login RADIUS | Yes | No | Yes | local or none |
| Manager (Enable) Level | ssh enable local | Yes | No | Yes | local or none |
| Manager (Enable) Level | ssh enable tacacs | Yes | No | Yes | local or none |
| Manager (Enable) Level | ssh enable radius | Yes | No | Yes | local or none |

¹ For ssh login rsa, the switch uses client public-key authentication instead of the switch password options for primary authentication.
