Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Note
SSH does not protect the switch from unauthorized access via the web interface, Telnet, SNMP, or the serial port. While web and Telnet access can be restricted by the use of passwords local to the switch, if you are unsure of the security this provides, you may want to disable
5. Configuring the Switch for SSH Authentication
Note that all methods in this section result in authentication of the switch’s public key by an SSH client. However, only Option B, below results in the switch also authenticating the client’s public key. Also, for a more detailed discussion of the topics in this section, refer to “Further Information on SSH Client
Authentication. When configured with this option, the switch uses its public key to authenticate itself to a client, but uses only passwords for client authentication.
Syntax: aaa authentication ssh login < local tacacs radius >[< local none >]
Configures a password method for the primary and secondary login (Operator) access. If you do not specify an optional secondary method, it defaults to none.
aaa authentication ssh enable < local tacacs radius>[< local none >]