
Step 4: create ssh users, Step 5: set up authentication – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual


Secure Shell (SSH) Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C


Step 4: Create SSH users.

In order to connect and execute commands, you must register users in the SSH user
database, and in the User Authentication Database of the device.

To create the users john and asuka in the User Authentication Database, use the
commands:

awplus# configure terminal
awplus(config)# username john privilege 15 password secret
awplus(config)# username asuka privilege 15 password very-secret

To register john and asuka as SSH clients, use the commands:

awplus(config)# ssh server allow-users john
awplus(config)# ssh server allow-users asuka

To register “manager” as an SSH client so that manager can only connect from the IP address
192.168.1.1, use the command:

awplus(config)# ssh server allow-users manager 192.168.1.1

Step 5: Set up authentication.

SSH users cannot connect unless the server can authenticate them. There are two ways to
authenticate an SSH session: password authentication, and RSA or DSA private/public key
authentication. When using password authentication, the user must supply their User
Authentication Database password.

To use private/public key authentication, copy the public keys for each user onto the
device. To copy the files onto flash from the key directory of an attached TFTP server, use
the commands:

awplus# copy tftp://key/john.pub flash:/john.pub
awplus# copy tftp://key/asuka.pub flash:/asuka.pub

To associate the key file with each user, use the commands:

awplus# configure terminal
awplus(config)# crypto key pubkey-chain userkey john john.pub
awplus(config)# crypto key pubkey-chain userkey asuka asuka.pub
awplus(config)# crypto key pubkey-chain userkey manager manager.pub
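An added example, not part of the Allied Telesis manual: a Python check that reads the commands from Steps 4 and 5 and reports SSH users that are missing from one of the two databases, are allowed from any host, or have no public key associated. It assumes the configuration text contains these commands in the form typed above; the sample text is constructed from this page, and the function names are hypothetical.

```python
import re

# Constructed sample: the commands from Steps 4 and 5 above, as typed.
SAMPLE_CONFIG = """\
username john privilege 15 password secret
username asuka privilege 15 password very-secret
ssh server allow-users john
ssh server allow-users asuka
ssh server allow-users manager 192.168.1.1
crypto key pubkey-chain userkey john john.pub
crypto key pubkey-chain userkey asuka asuka.pub
crypto key pubkey-chain userkey manager manager.pub
"""

PATTERNS = {
    "local": re.compile(r"^username\s+(\S+)"),
    "allowed": re.compile(r"^ssh server allow-users\s+(\S+)(?:\s+(\S+))?"),
    "pubkey": re.compile(r"^crypto key pubkey-chain userkey\s+(\S+)\s+(\S+)"),
}

def parse(config_text):
    """Collect local users, SSH allow-users entries and user key files."""
    state = {"local": set(), "allowed": {}, "pubkey": {}}
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := PATTERNS["local"].match(line):
            state["local"].add(m.group(1))
        elif m := PATTERNS["allowed"].match(line):
            # Host is None when the entry has no source restriction.
            state["allowed"].setdefault(m.group(1), set()).add(m.group(2))
        elif m := PATTERNS["pubkey"].match(line):
            state["pubkey"][m.group(1)] = m.group(2)
    return state

def audit(config_text):
    """Return sorted (user, finding) pairs for gaps in the SSH user setup."""
    s = parse(config_text)
    findings = []
    for user, hosts in s["allowed"].items():
        if user not in s["local"]:
            findings.append((user, "no username entry in this config"))
        if None in hosts:
            findings.append((user, "allowed from any host"))
        if user not in s["pubkey"]:
            findings.append((user, "no public key associated"))
    for user in s["pubkey"].keys() - s["allowed"].keys():
        findings.append((user, "key associated but not in allow-users"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_CONFIG):
        print(f"{user}: {finding}")
```

On the sample, manager is reported only because the excerpt shows no username command for that account; run the check against the full configuration text to see whether the entry exists elsewhere.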