Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Syntax: aaa authentication ssh enable < local | tacacs | radius > < local | none >
Configures a password method for the primary and secondary
enable (Manager) access. If you do not specify an optional
secondary method, it defaults to none.
If the primary access method is local, you can only specify
none for a secondary access method.

For example, assume that you have a client public-key file named
Client-Keys.pub (on a TFTP server at 10.33.18.117) ready for downloading
to the switch. For SSH access to the switch you want to allow only clients
having a private key that matches a public key found in Client-Keys.pub.
For Manager-level (enable) access for successful SSH clients you want to
use TACACS+ for primary password authentication and local for secondary
password authentication, with a Manager username of "1eader" and a
password of "m0ns00n". To set up this operation you would configure the
switch in a manner similar to the following:
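The setup described in the example above could be entered with a command sequence like the one below, which is an added example and not the guide's own figure. It assumes the switch is at the global configuration level with a TACACS+ server already configured, and that the Manager password is typed at the prompts raised by the password command rather than on the command line.

```text
password manager user-name 1eader
copy tftp pub-key-file 10.33.18.117 Client-Keys.pub
aaa authentication ssh login public-key none
aaa authentication ssh enable tacacs local
write memory
```

The login line restricts SSH access to clients whose private key matches a key in the downloaded file, and the enable line makes TACACS+ the primary and local the secondary method for Manager-level access.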
Note: The configuration of SSH clients' public keys is stored
in flash memory on the switch. You also can save SSH client
public-key configurations to a configuration file by entering
the following commands:
include-credentials
write memory
For more information about saving security credentials, see
"Saving Security Credentials in a Config File" on page 2-10
in this guide.