Administrator Guide
EXEC Privilege mode
ip ssh rsa-authentication my-authorized-keys flash://public_key
Example of Generating RSA Keys
admin@Unix_client#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
/home/admin/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
Conguring Host-Based SSH Authentication
Authenticate a particular host. This method uses SSH version 2.
To congure host-based authentication, use the following commands.
1. Congure RSA Authentication. Refer to Using RSA Authentication of SSH.
2. Create shosts by copying the public RSA key to the le shosts in the directory .ssh, and write the IP address of the host to the
le.
cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts
Refer to the rst example.
3. Create a list of IP addresses and usernames that are permitted to SSH in a le called rhosts.
Refer to the second example.
4. Copy the le shosts and rhosts to the Dell Networking system.
5. Disable password authentication and RSA authentication, if congured
CONFIGURATION mode or EXEC Privilege mode
no ip ssh password-authentication or no ip ssh rsa-authentication
6. Enable host-based authentication.
CONFIGURATION mode
ip ssh hostbased-authentication enable
7. Bind shosts and rhosts to host-based authentication.
CONFIGURATION mode
ip ssh pub-key-file flash://filename or ip ssh rhostsfile flash://filename
Example of Creating
shosts
Example of Creating
rhosts
admin@Unix_client# cd /etc/ssh
admin@Unix_client# ls
moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub
ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_key
ssh_host_rsa_key
admin@Unix_client# cat ssh_host_rsa_key.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx/
AyWhVgJDQh39k8v3e8eQvLnHBIsqIL8jVy1QHhUeb7GaDlJVEDAMz30myqQbJgXBBRTWgBpLWwL/
doyUXFufjiL9YmoVTkbKcFmxJEMkE3JyHanEi7hg34LChjk9hL1by8cYZP2kYS2lnSyQWk=
admin@Unix_client# ls
Security
697