Table of Contents
Advertisement
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
8-22
Syntax: aaa authentication ssh enable < local | tacacs | radius > < local | none >
Configures a password method for the primary and second-
ary enable (Manager) access. If you do not specify an
optional secondary method, it defaults to none.
If the primary access method is local, you can only specify
none for a secondary access method.
Note: The configuration of SSH clients' public keys is stored
in flash memory on the switch. You also can save SSH client
public-key configurations to a configuration file by entering
the following commands:
include-credentials
write memory
For more information about saving security credentials to
a configuration file, see "Saving Security Credentials in a
Config File" on page 2-10 in this guide.
For example, assume that you have a client public-key file named Client-
Keys.pub (on a TFTP server at 10.33.18.117) ready for downloading to the
switch. For SSH access to the switch you want to allow only clients having a
private key that matches a public key found in Client-Keys.pub. For Manager-
level (enable) access for successful SSH clients you want to use TACACS+ for
primary password authentication and local for secondary password authenti-
cation, with a Manager username of "1eader" and a password of "m0ns00n".
To set up this operation you would configure the switch in a manner similar
to the following:
Hide quick links:
Advertisement
Table of Contents
