Using SSH with Public Key Authentication
1. Enable SSH:
2. Import the public key file using SFTP or TFTP for the admin user account::
3. Configure a maximum number of 3 failed public key authentication attempts
before the system reverts to password‐based authentication:
© Copyright Lenovo 2016
SSH can also be used for switch authentication based on asymmetric cryptography.
Public encryption keys can be uploaded on the switch and used to authenticate
incoming login attempts based on the clients' private encryption key pairs. After a
predefined number of failed public key login attempts, the switch reverts to
password‐based authentication.
To set up public key authentication:
RS G8264(config)# ssh enable
RS G8264(config)# copy {sftp|tftp} publickey
Port type ["DATA"/"MGT"]: mgt
Address or name of remote host: 9.43.101.151
Source file name: 11.key
Username of the public key: admin
Confirm download operation (y/n) ? y
Notes:
When prompted to input a username, a valid user account name must be
entered. If no username is entered, the key is stored on the switch, and can be
assigned to a user account later.
A user account can have up to 100 public keys set up on the switch.
RS G8264(config)# ssh maxauthattempts 3
Once the public key is configured on the switch, the client can use SSH to login
from a system where the private key pair is set up:
# ssh <switch IP address>
Chapter 1: Switch Administration
39