Administrator Guide

Authentication, Authorization, and Accounting
This authentication method is not implemented by Dell Networking N-Series
switches. Use the Management ACL capability to perform the equivalent
function.
Public key authentication operates as follows:
The administrator first generates a pair of encryption keys, the “public” key
and the “private” key. Messages encrypted with the private key can be
decrypted only by the public key, and vice-versa. The administrator keeps the
private key on his/her local machine, and loads the public key onto the
switch. When the administrator attempts to log into the switch, the protocol
sends a brief message, encrypted with the public key. If the administrator's
client can decrypt the message (and can send back some proof that it has done
so), then the response proves that the client must possess the private key,
and the user is authenticated without giving a username/password.
The public key method is implemented in the Dell Networking N-Series
switch as opposed to an external server. If the user does not present a
certificate, it is not considered an error, and authentication will continue with
challenge-response authentication.
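The decrypt-and-prove exchange described above, as an added example (not Dell's code and not the SSH wire format), with the private key on the administrator's side and the public key on the switch. The toy textbook-RSA key, the SHA-256 proof, the session_id value, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy key pair built from two known Mersenne primes. Textbook RSA
# at this size has no padding and no real strength; it only shows the flow.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key, loaded onto the switch
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, kept by the administrator


def server_issue_challenge(pub_n, pub_e):
    """Switch side: pick a random value and encrypt it to the stored public key."""
    challenge = secrets.randbelow(pub_n - 2) + 2
    return challenge, pow(challenge, pub_e, pub_n)


def _proof(challenge, session_id):
    """Digest over the decrypted challenge and the per-connection session id."""
    raw = challenge.to_bytes((N.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw + session_id).digest()


def client_prove(encrypted, priv_d, pub_n, session_id):
    """Administrator side: decrypt the challenge and return a digest as proof.

    Binding the digest to session_id (an assumed per-connection value) means
    a proof captured on one connection does not verify on another.
    """
    return _proof(pow(encrypted, priv_d, pub_n), session_id)


def server_verify(challenge, session_id, proof):
    """Switch side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(_proof(challenge, session_id), proof)


def login(priv_d, session_id=b"constructed-session-1"):
    """Run one full exchange and report whether the switch accepts the proof."""
    challenge, encrypted = server_issue_challenge(N, E)
    proof = client_prove(encrypted, priv_d, N, session_id)
    return server_verify(challenge, session_id, proof)


if __name__ == "__main__":
    print("holder of the private key:", login(D))
    print("wrong private key:        ", login(D + 2))
```

The private key never leaves the administrator's machine; the switch only ever sees the encrypted challenge it issued and the digest returned for it.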
Challenge-response authentication works as follows:
The switch sends an arbitrary “challenge” text and prompts for a response.
SSH-2 allows multiple challenges and responses; SSH-1 is restricted to one
challenge/response only. Examples of challenge-response authentication
include BSD Authentication.
Finally, if all other authentication methods fail, SSH prompts the user for a
password.
Access Lines (AAA)
Table 10-3 shows the method lists assigned to the various access lines by
default.
Table 10-3. Default AAA Methods

AAA Service (type)        Console       Telnet          SSH
Authentication (login)    defaultList   networkList     networkList
Authentication (enable)   enableList    enableNetList   enableNetList