Users Guide

310 Authentication, Authorization, and Accounting
Public Key SSH Authentication Example
The following is an example of a public key configuration for SSH login.
Using a tool such as PuTTY and a private/public key infrastructure, one can
enable secure login to the Dell EMC Networking N-Series switch without a
password. Instead, a public key is used with a private key kept locally on the
administrator's computer. The public key can be placed on multiple devices,
allowing the administrator secure access without needing to remember
multiple passwords. It is strongly recommended that the private key be
protected with a password.
This configuration requires entering a public key, which can be generated by a
tool such as PuTTYgen. Be sure to generate the correct type of key. In this
case, we use an RSA key with the SSH-2 version of the protocol.
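The key-type check called for above can be run on the administrator's computer before the key is entered on the switch. The following Python is an added example, not part of the Dell EMC guide: it parses either the one-line OpenSSH text or the RFC 4716 file that PuTTYgen saves and confirms the blob is an SSH-2 RSA key. The function names, the constructed sample blob and the 2048-bit floor are assumptions of this example.

```python
import base64
import struct

MIN_BITS = 2048  # assumed policy floor for this example; the guide states no size

def _read_string(buf, off):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def extract_base64(text):
    """Pull the base64 blob from a one-line OpenSSH key or an RFC 4716 file."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty input")
    if not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        parts = lines[0].split()          # "ssh-rsa AAAA... comment"
        return parts[1] if len(parts) > 1 else parts[0]
    body, in_header = [], False
    for l in lines[1:]:
        if l.startswith("---- END"):
            break
        if in_header or ":" in l:         # header line, or its "\" continuation
            in_header = l.endswith("\\")
            continue
        body.append(l)
    return "".join(body)

def check_rsa_pubkey(text, min_bits=MIN_BITS):
    """Return modulus size in bits; raise ValueError unless an SSH-2 RSA key."""
    blob = base64.b64decode(extract_base64(text), validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type is %s, not ssh-rsa" % ktype.decode("ascii", "replace"))
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        raise ValueError("RSA modulus is only %d bits" % bits)
    return bits

def constructed_blob(bits=2048, ktype=b"ssh-rsa"):
    """Constructed sample input: well-formed wire encoding, not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")  # mpint sign byte
    return base64.b64encode(s(ktype) + s(b"\x01\x00\x01") + s(n)).decode()
```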
Switch Configuration
1. Create a switch administrator:
console#config
console(config)#username "admin" password f4d77eb781360c5711ecf3700a7af623 privilege 15 encrypted
2. Set the login and enable methods for line to NOAUTH.
console(config)#aaa authentication login "NOAUTH" line
console(config)#aaa authentication enable "NOAUTH" line
3. Generate an internal RSA key. This step is not required if an internal RSA
key has been generated before on this switch:
console(config)#crypto key generate rsa
4. Set SSH to use a public key for the specified administrator login. The user
login is specified by the username command, not the ias-user command:
console(config)#crypto key pubkey-chain ssh user-key "admin" rsa
NOTE: Dell EMC Networking TACACS supports setting the maximum user privilege
level in the authorization response. Configure the TACACS server to send priv-lvl=X,
where X is either 1 (Non-privileged mode) or 15 (Privileged mode).