Configuring Secure Shell (SSH)

Further Information on SSH Client Public-Key Authentication

Notes

Comments in public key files, such as smith@support.cairns.com in figure 4-15, may appear in an SSH client application's generated public key. While such comments may help to distinguish one key from another, they do not pose any restriction on the use of a key by multiple clients and/or users.

Public key illustrations such as the key shown in figure 4-15 usually include line breaks as a method for showing the whole key. However, in practice, line breaks in a public key will cause errors resulting in authentication failure.

1. Use your SSH client application to create a public/private key pair. Refer to the documentation provided with your SSH client application for details. The switch supports the following client-public-key properties:

   Property: Key Format
   Supported Value: ASCII
   Comments: See figure 4-9 on page 4-13. The key must be one unbroken ASCII string. If you add more than one client-public-key to a file, terminate each key (except the last one) with a <CR><LF>. Spaces are allowed within the key to delimit the key's components. Note that, unlike the use of the switch's public key in an SSH client application, the format of a client-public-key used by the switch does not include the client's IP address.

   Property: Key Type
   Supported Value: RSA only

   Property: Maximum Supported Public Key Length
   Supported Value: 3072 bits
   Comments: Shorter key lengths allow faster operation, but also mean diminished security.

   Property: Maximum Key Size
   Supported Value: 1024 characters
   Comments: Includes the bit size, public index, modulus, any comments, <CR>, <LF>, and all blank spaces. If necessary, you can use an editor application to verify the size of a key. For example, placing a client-public-key into a Word for Windows text file and clicking on File > Properties > Statistics lets you view the number of characters in the file, including spaces.

2. Copy the client's public key into a text file (filename.txt). (For example, you can use the Notepad editor included with the Microsoft® Windows® software.) If you want several clients to use client public-key authentication, copy a public key for each of these clients (up to ten) into the file. Each key should be separated from the preceding key by a <CR><LF>.

3. Copy the client-public-key file into a TFTP server accessible to the switch.

Copying a client-public-key into the switch requires the following:

One or more client-generated public keys. Refer to the documentation provided with your SSH client application.

A copy of each client public key (up to ten) stored in a single text file or individually on a TFTP server to which the switch has access. Terminate all client public-keys in the file except the last one with a <CR><LF>.
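A pre-upload check for the file built in steps 2 and 3, given here as an added example that is not part of the original manual. It applies the limits from the property table (ASCII, one unbroken string per key, <CR><LF> between keys, at most ten keys, 1024 characters, 3072 bits). The decimal "<bits> <exponent> <modulus> [comment]" layout, the function names and the sample keys are assumptions made for the example.

```python
# Added example: pre-upload check of a client-public-key file.
# ASSUMPTION: each key is "<bits> <exponent> <modulus> [comment]" in decimal.
MAX_KEYS, MAX_BITS, MAX_CHARS = 10, 3072, 1024


def check_key_file(data: bytes) -> list:
    """Return a list of problems; an empty list means the file passes."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return ["file is not pure ASCII"]
    records = text.split("\r\n")          # keys are separated by <CR><LF>
    if records[-1] == "":                 # ASSUMPTION: a trailing <CR><LF> is tolerated
        records.pop()
    if not records:
        return ["file contains no keys"]
    problems = []
    if len(records) > MAX_KEYS:
        problems.append(f"{len(records)} keys in file, limit is {MAX_KEYS}")
    for n, rec in enumerate(records, 1):
        if "\r" in rec or "\n" in rec:
            # A wrapped key or bare-LF line endings: the key is no longer one string.
            problems.append(f"key {n}: line break inside key")
            continue
        size = len(rec) + (2 if n < len(records) else 0)   # count the <CR><LF> too
        if size > MAX_CHARS:
            problems.append(f"key {n}: {size} characters, limit is {MAX_CHARS}")
        fields = rec.split()
        if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
            problems.append(f"key {n}: not '<bits> <exponent> <modulus>' (RSA)")
            continue
        bits, modulus = int(fields[0]), int(fields[2])
        if modulus.bit_length() != bits:
            problems.append(f"key {n}: modulus is {modulus.bit_length()} bits, header says {bits}")
        if modulus.bit_length() > MAX_BITS:
            problems.append(f"key {n}: {modulus.bit_length()}-bit key, limit is {MAX_BITS}")
    return problems


def sample_key(bits: int, comment: str) -> str:
    """Constructed sample line (not a usable RSA key): odd modulus of `bits` bits."""
    return f"{bits} 65537 {(1 << (bits - 1)) | 1} {comment}"


if __name__ == "__main__":
    good = "\r\n".join([sample_key(1024, "smith@support.cairns.com"),
                        sample_key(2048, "constructed@example.net")]).encode()
    print(check_key_file(good))                          # well-formed two-key file
    print(check_key_file(good.replace(b"\r\n", b"\n")))  # same keys saved with bare LF
```

Run the check on the exact bytes that will be placed on the TFTP server, since an editor that rewraps long lines or saves with different line endings changes the result.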
