Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4820T

701

702

703

704

705

706

707

708

709

710

Using RSA Authentication of SSH

The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses

SSH version 2.

1. On the SSH client (Unix machine), generate an RSA key, as shown in the following example.

2. Copy the public key

id_rsa.pub

to the Dell Networking system.

3. Disable password authentication if enabled.

CONFIGURATION mode

no ip ssh password-authentication enable

4. Bind the public keys to RSA authentication.

EXEC Privilege mode

ip ssh rsa-authentication enable

5. Bind the public keys to RSA authentication.

EXEC Privilege mode

ip ssh rsa-authentication my-authorized-keys flash://public_key

Example of Generating RSA Keys

admin@Unix_client#ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/admin/.ssh/id_rsa):

/home/admin/.ssh/id_rsa already exists.

Overwrite (y/n)? y

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/admin/.ssh/id_rsa.

Your public key has been saved in /home/admin/.ssh/id_rsa.pub.

Configuring Host-Based SSH Authentication

Authenticate a particular host. This method uses SSH version 2.

To configure host-based authentication, use the following commands.

1. Configure RSA Authentication. Refer to Using RSA Authentication of SSH.

2. Create

shosts

by copying the public RSA key to the file

shosts

in the directory

.ssh

, and write the IP address of the

host to the file.

cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts

Refer to the first example.

3. Create a list of IP addresses and usernames that are permitted to SSH in a file called

rhosts

Refer to the second example.

4. Copy the file

shosts

and

rhosts

to the Dell Networking system.

5. Disable password authentication and RSA authentication, if configured

CONFIGURATION mode or EXEC Privilege mode

no ip ssh password-authentication or no ip ssh rsa-authentication

6. Enable host-based authentication.

CONFIGURATION mode

ip ssh hostbased-authentication enable

7. Bind

shosts

and

rhosts

to host-based authentication.

CONFIGURATION mode

ip ssh pub-key-file flash://filename or ip ssh rhostsfile flash://filename

709