RUGGEDCOM ROX II
CLI User Guide
•
Section 6.7.2, "Managing User Authentication Keys"
•
Section 6.7.3, "Managing RADIUS Authentication"
•
Section 6.7.4, "Configuring TACACS+ Authentication"
Section 6.7.1
Setting the User Authentication Mode
The user authentication mode controls whether user log in attempts are authenticated locally, by a RADIUS server,
or by a TACACS+ server.
To set the authentication mode, type:
admin authentication mode [ localonly | radius_local | radius_then_local | tacacsplus_local |
tacacsplus_only ]
• If localonly is selected, users will be authenticated locally, regardless of whether or not a RADIUS server has
been configured.
• If radius_local is selected, users will be authenticated against the configured RADIUS server. If the RADIUS
server is unreachable, users will be authenticated locally.
• If radius_then_local is selected, users will be authenticated first against the configured RADIUS server. If the
user cannot be authenticated, they will then be authenticated locally.
• If tacacsplus_local is selected, users will be authenticated against the configured TACACS+ server. If the user
cannot be authenticated, they will then be authenticated locally.
• If tacacsplus_onlyis selected, users will be authenticated against the configured TACACS+ server. If the user
cannot be authenticated, authentication is considered failed and no further authentication is attempted.
Section 6.7.2
Managing User Authentication Keys
A user authentication key is the public key in an SSH key pair. When using a RUGGEDCOM ROX II user account
associated with an authentication key, users can access the device via Secure Shell (SSH) without having to
provide a password/passphrase, as long as their workstation holds the matching private key.
IMPORTANT!
RUGGEDCOM ROX II only accepts SSH2 RSA public keys. SSH1 or DSA keys are not supported.
CONTENTS
•
Section 6.7.2.1, "Determining Which Keys are Associated to a User"
•
Section 6.7.2.2, "Adding a User Authentication Key"
•
Section 6.7.2.3, "Deleting a User Authentication Key"
•
Section 6.7.2.4, "Associating/Disassociating a User Authentication Key"
Setting the User Authentication Mode
Chapter 6
Security
135