Configuring Secure Shell (SSH)

Further Information on SSH Client Public-Key Authentication

To Create a Client-Public-Key Text File. These steps describe how to copy client-public-keys into the switch for challenge-response authentication, and require an understanding of how to use your SSH client application.

Figure 6-13. Example of a Client Public Key (callouts in the figure: Bit Size, Exponent <e>, Modulus <n>, Comment)

Notes

Comments in public key files, such as smith@support.cairns.com in figure 6-13, may appear in an SSH client application’s generated public key. While such comments may help to distinguish one key from another, they do not pose any restriction on the use of a key by multiple clients and/or users.

Public key illustrations such as the key shown in figure 6-13 usually include line breaks as a method for showing the whole key. However, in practice, line breaks in a public key will cause errors resulting in authentication failure.

1. Use your SSH client application to create a public/private key pair. Refer to the documentation provided with your SSH client application for details. The switch supports the following client-public-key properties:

| Property | Supported Value | Comments |
|---|---|---|
| Key Format | ASCII | See figure 6-7 on page 6-14. The key must be one unbroken ASCII string. If you add more than one client-public-key to a file, terminate each key (except the last one) with a <CR><LF>. Spaces are allowed within the key to delimit the key’s components. Note that, unlike the use of the switch’s public key in an SSH client application, the format of a client-public-key used by the switch does not include the client’s IP address. |
| Key Type | RSA or DSA | You can choose either RSA or DSA key types when using the crypto key generate ssh command. The cert and autorun parameters only use RSA key types. |
| Maximum Supported Public Key Length | 3072 bits | Shorter key lengths allow faster operation, but also mean diminished security. |
| Maximum Host Key Sizes In Bits | RSA: 1024, 2048, 3072; DSA: 1024 | Includes the bit size, public index, modulus, any comments, <CR>, <LF>, and all blank spaces. If necessary, you can use an editor application to verify the size of a key. For example, placing a client-public-key into a Word for Windows text file and clicking on File Properties Statistics, lets you view the number of characters in the file, including spaces. |
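The file rules above (one unbroken ASCII string per key, <CR><LF> between keys, 3072-bit maximum) can be checked before the file is copied to the switch. The following is an added example, not code from this manual or the switch vendor. It assumes RSA keys written as decimal `<bits> <e> <n> [comment]`, following the field labels in figure 6-13, and that the bit-size field equals the bit length of the modulus. The name `check_key_file` and the sample key are constructed for illustration, and DSA keys are not covered.

```python
MAX_KEY_BITS = 3072      # maximum supported public key length from the table above
MAX_DIGITS = 925         # decimal digits in the largest 3072-bit number

def check_key_file(data: bytes) -> list[str]:
    """Return the problems found in a client-public-key file (empty list = OK)."""
    problems = []
    text = data.decode("ascii", errors="replace")
    if "\ufffd" in text:
        problems.append("file contains non-ASCII bytes")
    # Each key except the last ends with <CR><LF>; a trailing one is tolerated.
    body = text[:-2] if text.endswith("\r\n") else text
    for num, line in enumerate(body.split("\r\n"), start=1):
        if "\r" in line or "\n" in line:
            problems.append(f"key {num}: bare CR or LF instead of <CR><LF>")
            continue
        fields = line.split()    # spaces delimit the key's components
        if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
            problems.append(f"key {num}: not '<bits> <e> <n> [comment]' "
                            "(typical of a key wrapped across lines)")
            continue
        if max(len(f) for f in fields[:3]) > MAX_DIGITS:
            problems.append(f"key {num}: field too long for a 3072-bit key")
            continue
        bits, _exponent, modulus = (int(f) for f in fields[:3])
        if bits > MAX_KEY_BITS:
            problems.append(f"key {num}: {bits} bits exceeds {MAX_KEY_BITS}")
        if modulus.bit_length() != bits:
            problems.append(f"key {num}: modulus is {modulus.bit_length()} bits, "
                            f"bit-size field says {bits} (truncated or wrapped?)")
    return problems

# Constructed sample: a 1024-bit number standing in for a modulus, not a real key.
_N = str((1 << 1023) | 12345)
GOOD = f"1024 65537 {_N} smith@support.cairns.com".encode()
TWO_KEYS = GOOD + b"\r\n" + GOOD
# The same key with a line break inserted inside the modulus.
WRAPPED = f"1024 65537 {_N[:100]}\r\n{_N[100:]} smith@support.cairns.com".encode()
LF_ONLY = GOOD + b"\n" + GOOD    # Unix line ending used as the separator

if __name__ == "__main__":
    for name in ("GOOD", "TWO_KEYS", "WRAPPED", "LF_ONLY"):
        print(name, check_key_file(globals()[name]) or "OK")
```

A key wrapped inside its modulus is reported twice: the first line's modulus is too short for its bit-size field, and the remainder does not parse as a key.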
