Table of Contents
Advertisement
Configuring Secure Shell (SSH)
Further Information on SSH Client Public-Key Authentication
C a u t i o n
8-30
Replacing or Clearing the Public Key File. The client public-key file
remains in the switch's flash memory even if you erase the startup-config file,
reset the switch, or reboot the switch.
You can remove the existing client public-key file or specific keys by
■
executing the clear crypto public-key command. This clears the public
keys from both management modules. The module that is not active
must be in standby mode.
Syntax: clear crypto public-key
Deletes the client-public-key file from the switch.
Syntax: clear crypto public-key 3
Deletes the entry with an index of 3 from the
client-public-key file on the switch.
Enabling Client Public-Key Authentication. After you TFTP a client-
public-key file into the switch (described above), you can configure the switch
to allow the following:
If an SSH client's public key matches the switch's client-public-key
■
file, allow that client access to the switch. If there is not a public-key
match, then deny access to that client.
Syntax: aaa authentication ssh login public-key none
Allows SSH client access only if the switch detects a match
between the client's public key and an entry in the client-
public-key file most recently copied into the switch.
To enable client public-key authentication to block SSH clients whose public
keys are not in the client-public-key file copied into the switch, you must
configure the Login Secondary as none. Otherwise, the switch allows such
clients to attempt access using the switch's Operator password.
Hide quick links:
Advertisement
Table of Contents
