Table of Contents
Advertisement
IP
Copy the contents of the public key file to a text file, and save the file with the name
AUTHORIZED_KEYS. (AUTHORIZED_KEYS is case sensitive).
Make sure there is no file extension. In Windows, you may need to save the file
Note:
as a .txt file and then rename the file to remove the extension.
6.5.2.4 Shared Key Authentication
RSA, DSA, and/or username/password authentication can be used to ensure that only authorized users
access the SCS and connected equipment. The following sections explain how to configure each of these.
Following is an example of how public/private key authentication works on the SCS. In this example, RSA
user authentication is used. DSA authentication is similar.
1
The SSH client on the user's computer sends the public half of its identity key to the SCS.
The SCS checks to see if this user's identity key is listed in the AUTHORIZED_KEYS (or
2
AUTHORIZED_KEYS2) file on the SCS.
If the user identity key is not listed in the AUTHORIZED_KEYS file on the SCS, then the
authentication attempt fails. If the identity key is listed, the process continues.
The SSH client then sends the private half of its identity key to the SCS.
3
The SSH compares the private half of the user's identity key to the key stored in the host_rsa_key
4
(or host_dsa_key) file on the SCS.
If the private keys match, the user's identity is confirmed and an SSH connection forms.
5
If RSA or DSA user authentication fails, the SCS prompts for a username and password (or just a password,
if the SSH client forwarded the username). The user's name and password are then checked against the
Radius, Secure ID, or local user databases, in order of their precedence settings. See Changing the
Precedence on page 12-10.
6.5.2.5 Setting up RSA Shared Key Authentication (for SSH v1)
If you plan on using RSA user authentication for connections to the SCS, you must make an
AUTHORIZED_KEYS file and store it in the SCS's /flash/ssh/ directory before you attempt your first
SSH connection. The AUTHORIZED_KEYS file consists of each SSH user's public keys. For example,
on a UNIX host, your public keys are stored in a file called .ssh/identity.pub.
Create a file including the complete text of your identity.pub file, plus the public keys of any other users
you want to authenticate for connections to the SCS. Save it in the SCS's /flash/ssh/ directory as follows:
1
FTP to the IP address of the SCS.
Log in with the usernname of root and enter the privileged password (system by default).
2
Change directories to /flash/ssh/.
3
4
"Put" the AUTHORIZED_KEYS FILE into that directory.
6-12
Establishing Sessions
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the SCS and is the answer not in the manual?
Questions and answers