Table of Contents
Advertisement
| Authentication Commands
C
28
HAPTER
Secure Shell
Table 106: Secure Shell Commands (Continued)
Command
Function
show ssh
Displays the status of current SSH sessions
show users
Shows SSH users, including privilege level and public
key type
Configuration Guidelines
The SSH server on this switch supports both password and public key
authentication. If password authentication is specified by the SSH client,
then the password can be authenticated either locally or via a RADIUS or
TACACS+ remote authentication server, as specified by the
login
command. If public key authentication is specified by the client, then
you must configure authentication keys on both the client and the switch
as described in the following section. Note that regardless of whether you
use public key or password authentication, you still have to generate
authentication keys on the switch and enable the SSH server.
To use the SSH server, complete these steps:
Generate a Host Key Pair – Use the
1.
command to create a host public/private key pair.
Provide Host Public Key to Clients – Many SSH client programs
2.
automatically import the host public key during the initial connection
setup with the switch. Otherwise, you need to manually create a known
hosts file on the management station and place the host public key in
it. An entry for a public key in the known hosts file would appear similar
to the following example:
10.1.0.54 1024 35
15684995401867669259333946775054617325313674890836547254
15020245593199868544358361651999923329781766065830956
10825913212890233765468017262725714134287629413011961955667825
95664104869574278881462065194174677298486546861571773939016477
93559423035774130980227370877945452408397175264635805817671670
9574804776117
Import Client's Public Key to the Switch – Use the
3.
command to copy a file containing the public key for all the SSH client's
granted management access to the switch. (Note that these clients
must be configured locally on the switch with the
The clients are subsequently authenticated using these keys. The
current firmware only accepts public key files based on standard UNIX
format as shown in the following example for an RSA key:
1024 35
13410816856098939210409449201554253476316419218729589211431738
80055536161631051775940838686311092912322268285192543746031009
37187721199696317813662774141689851320491172048303392543241016
37997592371449011938006090253948408482717819437228840253311595
2134861022902978982721353267131629432532818915045306393916643
steve@192.168.1.19
– 1058 –
authentication
ip ssh crypto host-key generate
copy tftp public-key
username
Mode
PE
PE
command.)
Advertisement
Chapters
Table of Contents
