Configuring Secure Shell (SSH)

Steps for Configuring and Using SSH for Switch and Client Authentication

Steps for Configuring and Using SSH for Switch and Client Authentication

For two-way authentication between the switch and an SSH client, you must use the login (Operator) level.

Table 6-1.SSH Options

 

 

 

 

 

 

 

 

 

 

Switch

Primary SSH

Authenticate

Authenticate

Primary Switch

Secondary Switch

Access

Authentication

Switch Public Key

Client Public Key

Password

Password

Level

 

to SSH Clients?

to the Switch?

Authentication

Authentication

Operator

ssh login rsa

Yes

Yes1

No1

local or none

(Login)

ssh login Local

Yes

No

Yes

none

Level

ssh login TACACS

Yes

No

Yes

local or none

 

 

ssh login RADIUS

Yes

No

Yes

local or none

 

 

 

 

 

 

Manager

ssh enable local

Yes

No

Yes

none

(Enable)

ssh enable tacacs

Yes

No

Yes

local or none

Level

ssh enable radius

Yes

No

Yes

local or none

 

1For ssh login public-key, the switch uses client public-key authentication instead of the switch password options for primary authentication.

The general steps for configuring SSH include:

A. Client Preparation

1.Install an SSH client application on a management station you want to use for access to the switch. (Refer to the documentation provided with your SSH client application.)

2.Optional—If you want the switch to authenticate a client public-key on the client:

a.Either generate a public/private key pair on the client computer (if your client application allows) or import a client key pair that you have generated using another SSH application.

b.Copy the client public key into an ASCII file on a TFTP server accessible to the switch and download the client public key file to the switch. (The client public key file can hold up to ten client keys.) This topic is covered under “To Create a Client-Public-Key Text File” on page 6-24.

6-6