Users Guide

256 Authentication, Authorization, and Accounting
Access Lines
There are five access lines: console, Telnet, SSH, HTTP, and HTTPS. HTTP
and HTTPS are not configured using AAA method lists. Instead, the
authentication list for HTTP and HTTPS is configured directly
(authorization and accounting are not supported). The default method lists
for both the HTTP and HTTPS access lines consist of only the local method.
Each of the other access lines may be assigned method lists independently for
the AAA services.
The SSH line has built-in authentication beyond that configured by the
administrator.
In the SSH protocol itself, there are multiple methods for authentication.
These are not the authentication methods configured in AAA, but are
internal to SSH itself. When an SSH connection is attempted, the challenge-
response method is specified in the connection request.
The methods available for authentication using SSH are: host-based
authentication, public key authentication, challenge-response authentication,
and password authentication. Authentication methods are tried in the order
specified above, although SSH-2 has a configuration option to change the
default order.
Host-based SSH authentication is not supported by Dell EMC Networking
N-Series switches. Use the Management ACL capability to perform the
equivalent function.
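
The following is an added example, not part of the Dell EMC guide: a check on which SSH-internal methods a switch offers and the order in which the client tried them. It assumes the debug line format printed by the OpenSSH client with `ssh -v`; the log text is constructed, and the `audit` function name is hypothetical.

```python
import re

# Wire names (RFC 4252/4256) for the four methods the guide lists, in the
# order the guide says they are tried. "keyboard-interactive" is the wire
# name for challenge-response authentication.
GUIDE_ORDER = ["hostbased", "publickey", "keyboard-interactive", "password"]

# Constructed sample of OpenSSH client debug output; not taken from a real switch.
SAMPLE_LOG = """\
debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/admin/.ssh/id_rsa RSA SHA256:CONSTRUCTED
debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
"""

OFFERED = re.compile(r"Authentications that can continue: (\S+)")
TRIED = re.compile(r"Next authentication method: (\S+)")
SUCCEEDED = re.compile(r"Authentication succeeded \(([^)]+)\)")

def audit(log):
    """Summarise offered/tried/successful SSH methods and list findings."""
    offered, tried, succeeded = set(), [], None
    for line in log.splitlines():
        if m := OFFERED.search(line):
            offered.update(m.group(1).split(","))
        elif m := TRIED.search(line):
            if not tried or tried[-1] != m.group(1):  # collapse repeats
                tried.append(m.group(1))
        elif m := SUCCEEDED.search(line):
            succeeded = m.group(1)
    findings = []
    if "hostbased" in offered:
        findings.append("server offers hostbased, which the guide says is unsupported")
    if tried != [m for m in GUIDE_ORDER if m in tried]:
        findings.append("methods tried out of the default order: " + ",".join(tried))
    if succeeded == "password" and "publickey" in tried:
        findings.append("login fell back to password after publickey was tried")
    return {"offered": sorted(offered), "tried": tried,
            "succeeded": succeeded, "findings": findings}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(key, value)
```
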
Public key SSH authentication operates as follows:
The administrator first generates a pair of encryption keys, the “public” key
and the “private” key. Messages encrypted with the private key can be
decrypted only by the public key, and vice versa. The administrator keeps the
private key on his/her local machine, and loads the public key onto the
switch. When the administrator attempts to log into the switch, the protocol
sends a brief message, encrypted with the public key. If the switch can decrypt

Table 9-2. Default Method Lists (Continued)

AAA Service (type)        List Name        List Methods
Authorization (commands)  dfltCmdAuthList  none
Accounting (exec)         dfltExecList     tacacs (start-stop)
Accounting (commands)     dfltCmdList      tacacs (stop-only)