Syntax: copy tftp pub-key-file < ipv4-address | ipv6-address > < filename >
Copies a public key file into the switch.
aaa authentication ssh login public-key
Configures the switch to authenticate a client public-key at
the login level with an optional secondary password method
(default: none).
Syntax: aaa authentication ssh enable < local | tacacs | radius | public-key > < local | none | authorized >
Configures a password method for the primary and secondary
enable (Manager) access. If you do not specify an
optional secondary method, it defaults to none.
If the primary access method is local, you can only specify
none for a secondary access method.
The authorized option allows access without authentication.
Note: The configuration of SSH clients' public keys is stored
in flash memory on the switch. You also can save SSH client
public-key configurations to a configuration file by entering
the following commands:
include-credentials
write memory
For more information about saving security credentials to
a configuration file, see "Saving Security Credentials in a
Config File" on page 2-10 in this guide.
For example, assume that you have a client public-key file named
Client-Keys.pub (on a TFTP server at 10.33.18.117) ready for downloading to the
switch. For SSH access to the switch you want to allow only clients having a
private key that matches a public key found in Client-Keys.pub. For
Manager-level (enable) access for successful SSH clients you want to use TACACS+ for
primary password authentication and local for secondary password
authentication, with a Manager username of "1eader" and a password of "m0ns00n".
To set up this operation you would configure the switch in a manner similar
to the following:
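The scenario above, written out as an added illustration (not the manual's own figure) using only the commands documented in this section and the values from the example. The switch(config)# prompt is an assumption, and setting the local Manager username and password is not shown because that command is not covered in this section.

```text
; Added example. The "switch(config)#" prompt is assumed; lines starting
; with ";" are annotations, not commands to type.

; Download the client public keys from the TFTP server.
switch(config)# copy tftp pub-key-file 10.33.18.117 Client-Keys.pub

; Login level: accept only clients whose private key matches a key in
; Client-Keys.pub, with no secondary password method.
switch(config)# aaa authentication ssh login public-key none

; Enable (Manager) level: TACACS+ primary, local secondary.
switch(config)# aaa authentication ssh enable tacacs local

; Keep the authentication settings across a reboot.
switch(config)# write memory
```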
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation