Table of Contents
Advertisement
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
C a u t i o n
Figure 6-12. Configuring for SSH Access Requiring a Client Public-Key Match and Manager Passwords
6-20
To allow SSH access only to clients having the correct public key, you must
configure the secondary (password) method for login public-key to none.
Otherwise a client without the correct public key can still gain entry by
submitting a correct local login password.
Syntax: aaa authentication ssh enable < local | tacacs | radius > < local | none >
Configures a password method for the primary and second
ary enable (Manager) access. If you do not specify an
optional secondary method, it defaults to none.
For example, assume that you have a client public-key file named Client-
Keys.pub (on a TFTP server at 10.33.18.117) ready for downloading to the
switch. For SSH access to the switch you want to allow only clients having a
private key that matches a public key found in Client-Keys.pub. For Manager-
level (enable) access for successful SSH clients you want to use TACACS+ for
primary password authentication and local for secondary password authenti
cation, with a Manager username of "1eader" and a password of "m0ns00n".
To set up this operation you would configure the switch in a manner similar
to the following:
Copies a public key file
named "Client-Keys.pub"
into the switch.
Configures Manager user-
name and password.
Configures the primary and
secondary password methods for
Manager (enable) access. (Becomes
available after SSH access is granted
Configures the
switch to allow
SSH access only a
client whose
public key
matches one of the
keys in the public
key file
Hide quick links:
Advertisement
Table of Contents
