C a u t i o n
Enabling Client Public-Key Authentication. After you TFTP a client-
public-key file into the switch (described above), you can configure the switch
to allow the following:
If an SSH client's public key matches an entry in the switch's client-
public-key file, allow that client access to the switch. If there is not a
public-key match, then deny access to that client.
If an SSH client's public key does not have a match in the switch's
client-public-key file, allow the client access if the user can enter the
switch's login (Operator) password. (If the switch does not have an
Operator password, then deny access to that client.)
To configure client public-key authentication to block SSH clients whose
public keys are not in the client-public-key file, you must configure the Login
Secondary as none. Otherwise, the switch allows such clients to attempt
access using the switch's Operator password.
Syntax: aaa authentication ssh login public-key none
Allows SSH client access only if the switch detects a match
between the client's public key and an entry in the client-
public-key file most recently copied into the switch.
Further Information on SSH Client Public-Key Authentication
Configuring Secure Shell (SSH)