52
Telnet, Secure Shell (SSH) and Secure Login (Slogin) Commands
User Guidelines
This command enables public key authentication by a local SSH server of remote
SSH clients.
The local SSH server advertises all enabled SSH authentication methods and
remote SSH clients are responsible for choosing one of them.
After a remote SSH client is successfully authenticated by public key, the client
must still be AAA-authenticated to gain management access to the device, except
if the auto-login parameter was specified.
If no SSH authentication method is enabled, remote SSH clients must still be
AAA-authenticated before being granted management access to the device.
If the auto-login keyword is specified for SSH authentication by public key,
management access is granted if SSH authentication succeeds and the name of
the SSH user is found in the local user database. The device management AAA
authentication is transparent to the user. If the user name is not in the local user
database, then the user receives a warning message, and the user will need to
pass the device management AAA authentication independently of the SSH
authentication.
If the auto-login keyword is not specified, management access is granted only if
the user engages and passes both SSH authentication and device management
AAA authentication independently.
If no SSH authentication method is enabled, management access is granted only
if the user is AAA authenticated by the device management. No SSH
authentication method means SSH is enabled and neither SSH authentication by
public key nor password is enabled.
Example
The following example enables authentication of the SSH client.
switchxxxxxx(config)# ip ssh pubkey-auth
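An added example, not from the guide itself: a Python audit that reads a saved configuration and reports which SSH key holders reach management access on the key alone (auto-login with a matching local user) and which must also pass AAA, following the User Guidelines above. The `ip ssh server`, `ip ssh password-auth`, `username` and `user-key` line formats and the sample configuration are assumptions.

```python
import re

# Constructed sample config. The "ip ssh server", "username" and "user-key"
# line formats are assumptions about this CLI; key material is omitted.
SAMPLE_CONFIG = """\
ip ssh server
ip ssh pubkey-auth auto-login
username admin privilege 15
username ops privilege 15
crypto key pubkey-chain ssh
user-key admin rsa
user-key contractor rsa
"""


def audit_ssh_auth(config: str) -> dict:
    """Classify how SSH key holders reach management access."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    ssh_enabled = "ip ssh server" in lines
    pubkey = any(re.fullmatch(r"ip ssh pubkey-auth( auto-login)?", ln) for ln in lines)
    auto_login = "ip ssh pubkey-auth auto-login" in lines
    password = any(ln.startswith("ip ssh password-auth") for ln in lines)
    local_users = {m.group(1) for ln in lines if (m := re.match(r"username (\S+)", ln))}
    key_users = {m.group(1) for ln in lines if (m := re.match(r"user-key (\S+)", ln))}

    findings = []
    if ssh_enabled and not pubkey and not password:
        # SSH is on but no SSH authentication method is enabled.
        findings.append("no SSH authentication method: AAA is the only gate")

    # auto-login: a key holder whose name is in the local user database is
    # granted access on the key alone; AAA is transparent to the user.
    key_only = sorted(key_users & local_users) if auto_login else []
    # Everyone else with a key is warned (auto-login) or simply required
    # (no auto-login) to pass device management AAA independently.
    key_plus_aaa = sorted(key_users - set(key_only)) if pubkey else []

    return {
        "pubkey_auth": pubkey,
        "auto_login": auto_login,
        "key_only_access": key_only,
        "key_plus_aaa": key_plus_aaa,
        "findings": findings,
    }


if __name__ == "__main__":
    print(audit_ssh_auth(SAMPLE_CONFIG))
```

Names listed under `key_only_access` are the accounts for which possession of the private key is the sole interactive check, so they are the ones to review first.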
52.6 crypto key pubkey-chain ssh
The crypto key pubkey-chain ssh Global Configuration mode command enters the
SSH Public Key-chain Configuration mode. This mode is used to manually specify
device public keys, such as SSH client public keys.
Syntax
crypto key pubkey-chain ssh
OL-32830-01 Command Line Interface Reference Guide