Users Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

921

922

923

924

925

926

927

928

929

930

Enable host-based authentication on the server (Dell Networking system) and the client (Unix machine). The following message appears if

you attempt to log in via SSH and host-based is disabled on the client. In this case, verify that host-based authentication is set to “Yes” in

the le ssh_cong (root permission is required to edit this le): permission denied (host based).

If the IP address in the RSA key does not match the IP address from which you attempt to log in, the following message appears. In this

case, verify that the name and IP address of the client is contained in the le /etc/hosts: RSA Authentication Error.

Telnet

To use Telnet with SSH, rst enable SSH, as previously described.

By default, the Telnet daemon is enabled. If you want to disable the Telnet daemon, use the following command, or disable Telnet in the

startup cong. To enable or disable the Telnet daemon, use the [no] ip telnet server enable command.

Example of Using Telnet for Remote Login

Dell(conf)#ip telnet server enable

Dell(conf)#no ip telnet server enable

VTY Line and Access-Class Conguration

Various methods are available to restrict VTY access in the Dell Networking OS. These depend on which authentication scheme you use —

line, local, or remote.

Table 95. VTY Access

Authentication Method VTY access-class support? Username access-class

support?

Remote authorization support?

Line YES NO NO

Local NO YES NO

TACACS+ YES NO YES

RADIUS YES NO YES

The system provides several ways to congure access classes for VTY lines, including:

• VTY Line Local Authentication and Authorization

• VTY Line Remote Authentication and Authorization

VTY Line Local Authentication and Authorization

The system retrieves the access class from the local database.

To use this feature:

1 Create a username.

2 Enter a password.

3 Assign an access class.

4 Enter a privilege level.

You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization.

Congure local authentication globally and congure access classes on a per-user basis.

The system can assign dierent access classes to dierent users by username. Until users attempt to log in, the system does not know if

they will be assigned a VTY line. This means that incoming users always see a login prompt even if you have excluded them from the VTY

Security

927