Chapter 32
Configuring Users and Common Roles
Send documentation comments to mdsfeedback-doc@cisco.com
SSH Authentication Using Digital Certificates
SSH authentication on the Cisco MDS 9000 Family switches provides X.509 digital certificate support
for host authentication. An X.509 digital certificate is a data item that vouches for the origin and integrity
of a message. It contains encryption keys for secured communications and is "signed" by a trusted
certification authority (CA) to verify the identity of the presenter. The X.509 digital certificate support
provides either DSA or RSA algorithms for authentication.
The certificate infrastructure uses the first certificate that supports the Secure Socket Layer (SSL) and
is returned by the security infrastructure, either through query or notification. Verification of certificates
is successful if the certificates are from any of the trusted CAs.
You can configure your switch for either SSH authentication using an X.509 certificate or SSH
authentication using a Public Key Certificate, but not both. If either of them is configured and the
authentication fails, you will be prompted for a password.
For more information on CAs and digital certificates, see Chapter 36, "Configuring Certificate
Authorities and Digital Certificates."
Recovering the Administrator Password
You can recover the administrator password using one of two methods:
• From the CLI with a user name that has network-admin privileges.
• Power cycling the switch.
The following topics are included in this section:
• Using the CLI with Network-Admin Privileges, page 32-19
• Power Cycling the Switch, page 32-20
Using the CLI with Network-Admin Privileges
If you are logged in to, or can log in to, a switch with a user name that has network-admin privileges,
follow these steps to recover the administrator password:
Step 1
Use the show user-account command to verify that your user name has network-admin privileges.
switch# show user-account
user:admin
        this user account has no expiry date
        roles:network-admin
user:dbgusr
        this user account has no expiry date
        roles:network-admin network-operator
Step 2
If your user name has network-admin privileges, issue the username command to assign a new
administrator password.
switch# config t
switch(config)# username admin password <new password>
switch(config)# exit
switch#
OL-18084-01, Cisco MDS NX-OS Release 4.x
Cisco MDS 9000 Family CLI Configuration Guide
32-19
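Because any account holding the network-admin role can reset the admin password as in Step 2, it is useful to audit which accounts hold that role. The Python script below is an added example, not part of the Cisco guide: it parses text in the show user-account layout from Step 1, and the opsuser account and the expected-admin list are constructed assumptions.

```python
# Constructed sample in the layout of the `show user-account` output in Step 1.
# The `opsuser` entry is hypothetical, added to show a non-admin account.
SAMPLE = """\
switch# show user-account
user:admin
        this user account has no expiry date
        roles:network-admin
user:dbgusr
        this user account has no expiry date
        roles:network-admin network-operator
user:opsuser
        this user account has no expiry date
        roles:network-operator
"""

def parse_user_accounts(text):
    """Return {user: {"roles": [...], "no_expiry": bool}} from the CLI output."""
    accounts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("user:"):
            current = line[len("user:"):].strip()
            accounts[current] = {"roles": [], "no_expiry": False}
        elif current is None or not line:
            continue  # prompt echo or blank line before the first user entry
        elif line.startswith("roles:"):
            accounts[current]["roles"] = line[len("roles:"):].split()
        elif "no expiry date" in line:
            accounts[current]["no_expiry"] = True
    return accounts

def can_reset_admin_password(accounts):
    """Users holding network-admin, who can run `username admin password ...`."""
    return sorted(u for u, a in accounts.items() if "network-admin" in a["roles"])

def standing_admins(accounts, expected=("admin",)):
    """network-admin accounts with no expiry that are not on the expected list."""
    return [u for u in can_reset_admin_password(accounts)
            if accounts[u]["no_expiry"] and u not in expected]

if __name__ == "__main__":
    accts = parse_user_accounts(SAMPLE)
    print("network-admin holders:", can_reset_admin_password(accts))
    print("review (no expiry, not expected):", standing_admins(accts))
```

Here dbgusr is reported for review: it holds network-admin, never expires, and is not on the expected list, so it can change the admin password at any time.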