beautypg.com

LevelOne GTL-2691 User Manual

Page 890

background image

C

HAPTER

28

| Authentication Commands

Secure Shell

– 890 –

Configuration Guidelines

The SSH server on this switch supports both password and public key

authentication. If password authentication is specified by the SSH client,

then the password can be authenticated either locally or via a RADIUS or

TACACS+ remote authentication server, as specified by the

authentication

login

command. If public key authentication is specified by the client, then

you must configure authentication keys on both the client and the switch

as described in the following section. Note that regardless of whether you

use public key or password authentication, you still have to generate

authentication keys on the switch and enable the SSH server.

To use the SSH server, complete these steps:

1.

Generate a Host Key Pair – Use the

ip ssh crypto host-key generate

command to create a host public/private key pair.

2.

Provide Host Public Key to Clients – Many SSH client programs
automatically import the host public key during the initial connection

setup with the switch. Otherwise, you need to manually create a known

hosts file on the management station and place the host public key in

it. An entry for a public key in the known hosts file would appear similar

to the following example:

10.1.0.54 1024 35
15684995401867669259333946775054617325313674890836547254
15020245593199868544358361651999923329781766065830956

10825913212890233765468017262725714134287629413011961955667825
95664104869574278881462065194174677298486546861571773939016477
93559423035774130980227370877945452408397175264635805817671670

9574804776117

3.

Import Client’s Public Key to the Switch – Use the

copy

tftp public-key

command to copy a file containing the public key for all the SSH client’s

granted management access to the switch. (Note that these clients

must be configured locally on the switch with the

username

command.)

The clients are subsequently authenticated using these keys. The

current firmware only accepts public key files based on standard UNIX

format as shown in the following example for an RSA key:

1024 35
13410816856098939210409449201554253476316419218729589211431738

80055536161631051775940838686311092912322268285192543746031009
37187721199696317813662774141689851320491172048303392543241016
37997592371449011938006090253948408482717819437228840253311595

2134861022902978982721353267131629432532818915045306393916643
[email protected]

show ssh

Displays the status of current SSH sessions

PE

show users

Shows SSH users, including privilege level and public

key type

PE

Table 77: Secure Shell Commands (Continued)

Command

Function

Mode