Users Guide

Authentication, Authorization, and Accounting
the message (and can send back some proof that it has done so), then the
response proves that the switch must possess the public key, and the user is
authenticated without giving a username/password.
The public key method is implemented on the Dell EMC Networking
N-Series switch itself, as opposed to on an external server. If the user does
not present a certificate, this is not considered an error, and authentication
continues with challenge-response authentication.
Challenge-response SSH authentication works as follows:
The switch sends an arbitrary “challenge” text and prompts for a response.
SSH-2 allows multiple challenges and responses; SSH-1 is restricted to one
challenge/response only. Examples of challenge-response authentication
include BSD Authentication.
Finally, if all other authentication methods fail, SSH prompts the user for a
password.
Enabling SSH Access
The following example enables the switch to be accessed using SSH. If RSA
or DSA keys exist, the switch will prompt to overwrite the keys as shown
below. The RSA and DSA keys are used to negotiate the symmetric
encryption algorithm used for the SSH session.
console(config)#crypto key generate rsa
Do you want to overwrite the existing RSA keys? (y/n):y
RSA key generation started, this may take a few minutes...
RSA key generation complete.
console(config)#crypto key generate dsa
Do you want to overwrite the existing DSA keys? (y/n):y
DSA key generation started, this may take a few minutes...
DSA key generation complete.
console(config)#ip ssh server
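Overwriting the RSA or DSA keys changes the host key that SSH clients see, so fingerprints recorded before the change no longer match. The following is an added example, not taken from the Dell EMC guide: it parses lines in ssh-keyscan / known_hosts format, reports each key's type, size and SHA256 fingerprint in the form OpenSSH displays, and lists keys that differ from a pinned set. The host name switch1.example and the key numbers are constructed sample values, not real keys.

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def mpint(n: int) -> bytes:
    # Positive SSH mpint: big-endian, with a leading zero byte when the top bit is set.
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def scan_line(host, key_type, *numbers):
    # Build one "host keytype base64" line in ssh-keyscan / known_hosts format.
    blob = ssh_string(key_type.encode()) + b"".join(mpint(n) for n in numbers)
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"

def describe_host_key(line):
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    fields, off = [], 0
    while off < len(blob):
        (size,) = struct.unpack_from(">I", blob, off)
        if off + 4 + size > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off + 4:off + 4 + size])
        off += 4 + size
    if fields[0] != key_type.encode():
        raise ValueError("key type label does not match blob")
    # ssh-rsa blob: type, e, n    ssh-dss blob: type, p, q, g, y
    size_field = {"ssh-rsa": 2, "ssh-dss": 1}.get(key_type)
    bits = int.from_bytes(fields[size_field], "big").bit_length() if size_field else None
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"host": host, "type": key_type, "bits": bits, "fingerprint": fp}

def changed_keys(pinned, lines):
    # pinned maps (host, type) -> fingerprint recorded out of band.
    seen = [describe_host_key(l) for l in lines]
    return [(k["host"], k["type"]) for k in seen
            if pinned.get((k["host"], k["type"])) != k["fingerprint"]]

# Constructed sample values (not real keys): host name and numbers are made up.
BEFORE = [scan_line("switch1.example", "ssh-rsa", 65537, (1 << 2047) | 1),
          scan_line("switch1.example", "ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3)]
AFTER = [scan_line("switch1.example", "ssh-rsa", 65537, (1 << 2047) | 3), BEFORE[1]]

if __name__ == "__main__":
    pinned = {(k["host"], k["type"]): k["fingerprint"] for k in map(describe_host_key, BEFORE)}
    for key in map(describe_host_key, AFTER):
        print(key)
    print("changed:", changed_keys(pinned, AFTER))
```

In practice the input lines would come from a scan of the switch taken over a trusted path, and the pinned fingerprints from the record made when the keys were generated.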
Access Lines (AAA)
Table 9-3 shows the method lists assigned to the various access lines by
default.