beautypg.com

Microsens MS453490M Management Guide User Manual

Page 290

background image

C

HAPTER

14

| Security Measures

Configuring the Secure Shell

– 290 –

C

OMMAND

U

SAGE

The SSH server on this switch supports both password and public key

authentication. If password authentication is specified by the SSH client,

then the password can be authenticated either locally or via a RADIUS or

TACACS+ remote authentication server, as specified on the System

Authentication page (

page 259

). If public key authentication is specified by

the client, then you must configure authentication keys on both the client

and the switch as described in the following section. Note that regardless of

whether you use public key or password authentication, you still have to

generate authentication keys on the switch (SSH Host Key Settings) and

enable the SSH server (Authentication Settings).

To use the SSH server, complete these steps:

1.

Generate a Host Key Pair – On the SSH Host Key Settings page, create
a host public/private key pair.

2.

Provide Host Public Key to Clients – Many SSH client programs
automatically import the host public key during the initial connection

setup with the switch. Otherwise, you need to manually create a known

hosts file on the management station and place the host public key in

it. An entry for a public key in the known hosts file would appear similar

to the following example:

10.1.0.54 1024 35

15684995401867669259333946775054617325313674890836547254
15020245593199868544358361651999923329781766065830956
10825913212890233 76546801726272571413428762941301196195566782
59566410486957427888146206519417467729848654686157177393901647

79355942303577413098022737087794545240839717526463580581767167
09574804776117

3.

Import Client’s Public Key to the Switch – See

"Importing User Public

Keys" on page 295

, or use the

copy

tftp public-key

command

(

page 512

) to copy a file containing the public key for all the SSH

client’s granted management access to the switch. (Note that these

clients must be configured locally on the switch via the User Accounts

page as described on

page 273

.) The clients are subsequently

authenticated using these keys. The current firmware only accepts

public key files based on standard UNIX format as shown in the

following example for an RSA Version 1 key:

1024 35

13410816856098939210409449201554253476316419218729589211431738
80055536161631051775940838686311092912322268285192543746031009
37187721199696317813662774141689851320491172048303392543241016

37997592371449011938006090253948408482717819437228840253311595
2134861022902978982721353267131629432532818915045306393916643
[email protected]

4.

Set the Optional Parameters – On the SSH Settings page, configure the
optional parameters, including the authentication timeout, the number

of retries, and the server key size.

See also other documents in the category Microsens Accessories communication: