Users Guide
(host)(config) #mgmt-user ssh-pubkey client-cert client1-rg test1 root rcp ca-rg
In this example, a user is configured without the RCP:
(host)(config) #mgmt-user ssh-pubkey client-cert client2-rg test2 root
Displaying Revocation Checkpoint for the SSH Pubkey User
The RCP checks the revocation status of the SSH user’s client certificate before permitting access. If the
revocation check fails, the user is denied access using the ssh-pubkey authentication method. However, the
user can still authenticate through a username and password if configured to do so. This feature allows the
ssh-pubkey management user to be optionally configured with a Revocation Checkpoint (RCP). This meets the
requirement for a two-factor authentication and integration of device management with PKI for SSH pubkey
authentication. The ArubaOS implementation of SSH using Pubkey authentication is designed for integration
with smart cards or other technologies that use X.50.
Configuring the SSH Pubkey User with RCP
The column REVOCATION CHECKPOINT displays the configured RCP for the ssh-pubkey user. If no RCP is
configured for the user, the word none is displayed.
In the WebUI
Navigate to Configuration > Management > Administration.
The column SSH Revocation Checkpoint displays the RCP configured (if any) for the ssh pubkey user.
In the CLI
(host)#show mgmt-user ssh-pubkey
Removing the SSH Pubkey User
In the WebUI
1. Navigate to Configuration > Management > Administration.
2. Click Delete next to the management user you want to delete.
In the CLI
(host) (config) #no mgmt-user ssh-pubkey client-cert <certname> <username>
Dell Networking W-Series ArubaOS 6.4.x | User Guide Certificate Revocation | 371