Table of Contents
Advertisement
24
CCM840/1640 Installer/User Guide
Authenticating an SSH user
SSH is enabled and disabled with the Server SSH command. When you enable
SSH, you may specify the authentication method(s) that will be used for SSH
connections. The method may be a password, an SSH key or both. A user's
password and SSH key are specified with a User Add or User Set command. All
SSH keys must be RSA keys. DSA keys are not supported.
The following table lists and describes the valid SSH authentication methods
that may be specified with a Server SSH command.
SSH Authentication Methods
Method
Description
PW (default)
SSH connections will be authenticated with a username/
password. With this method, a user's defi nition must include
a valid password in order for that user to authenticate an SSH
session. A password may authenticate to a RADIUS server or to
the local user database.
KEY
SSH connections will be authenticated with an SSH key. With this
method, a user's defi nition must include valid SSH key information
in order for that user to authenticate an SSH session. Key
authentication is always local; RADIUS is not supported. For more
information, see SSH user keys in this chapter.
PW|KEY or KEY|PW
SSH connections will be authenticated with either a username/
password or an SSH key. If a user has only a password defi ned, that
user must authenticate an SSH session with a username/password.
If a user has only an SSH key defi ned, that user must authenticate
an SSH session using the key. If a user has both a password and an
SSH key defi ned, that user may use either a username/password or
the SSH key to authenticate an SSH session. This method allows the
CCM administrator to defi ne how each user will authenticate an SSH
session based on information provided in the User Add/Set command.
PW authentication will be local or RADIUS as specifi ed in the Auth
parameter of the Server Security command. Key authentication is
always local.
PW&KEY or KEY&PW SSH connections will be authenticated using both a username/
password and an SSH key. With this method, a user's defi nition
must include a password and SSH key information for that user to
authenticate an SSH session.
PW authentication will be local or RADIUS as specifi ed in the Auth
parameter of the Server Security command. Key authentication is
always local.
A user's access rights are determined from the authentication method used.
SSH key authentication always uses the access rights from the local user
database. Depending on the server authentication mode specified with the
Advertisement
Table of Contents
