6 ssh keys – Allied Telesis AT-WR4500 User Manual

AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

149

RouterOS v3 Configuration and User Guide

use-radius (yes | no; default: no) - specifies whether a user database on a RADIUS server should be
consulted

The RADIUS user database is queried only if the required username is not found in the local user
database

Example

To enable RADIUS AAA, enter the following command:

[admin@AT-WR4562] user aaa> set use-radius=yes
[admin@AT-WR4562] user aaa> print
use-radius: yes
accounting: yes
interim-update: 0s
default-group: read
[admin@AT-WR4562] user aaa>

7.3.6

SSH keys

Submenu level: /user ssh-keys

Description

Remote users may be allowed to log in without using password authentication and even ever entering
their password, but by using pregenerated DSA openssh SSH keys instead. Note that if you use puttygen,
convert generated keys to right type.

Property Description

key-owner (read-only: text) - emote user, as specified in the key file
user (name) - the user that is allowed to log in using this key (must exist in the user list)

Command Description

import - import the uploaded DSA key
user - the user the imported key is linked to
file - filename of the DSA key to import

Example

Generating key on a linux machine:

sh-3.00$ ssh-keygen -t dsa -f ./id_dsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./id_dsa.
Your public key has been saved in ./id_dsa.pub.
The key fingerprint is:
91:d7:08:be:b6:a1:67:5e:81:02:cb:4d:47:d6:a0:3b admin-ssh@test

Importing the generated (ang uploaded) key:

[admin@AT-WR4562] user ssh-keys> print
# USER KEY-OWNER
[admin@AT-WR4562] user ssh-keys> import file=id_dsa.pub user=admin-ssh
[admin@AT-WR4562] user ssh-keys> print
# USER KEY-OWNER
0 admin-ssh admin-ssh@test
[admin@AT-WR4562] user ssh-keys>