DELL N3000 User Manual

Configuring Authentication, Authorization, and Accounting
Public Key SSH Authentication Example
The following is an example of a public key configuration for SSH login.
Using a tool such as PuTTY and a private/public key infrastructure, an
administrator can log in securely to the Dell Networking switch without a
password. Instead, a public key is stored on the switch and the matching
private key is kept locally on the administrator's computer. The public key
can be placed on multiple devices, allowing the administrator secure access
without needing to remember multiple passwords. It is strongly recommended
that the private key be protected with a password.
This configuration requires entering a public key, which can be generated by a
tool such as PuTTYgen. Be sure to generate the correct type of key. In this
case, we use an RSA key with the SSH-2 version of the protocol.
Switch Configuration
username "admin" password f4d77eb781360c5711ecf3700a7af623 privilege 15 encrypted
aaa authentication login "NOAUTH" line
aaa authentication enable "NOAUTH" line
crypto key generate rsa
crypto key pubkey-chain ssh user-key "admin" rsa
key-string row AAAAB3NzaC1yc2EAAAABJQAAAIBor6DPjYDpSy8Qcji68xrS/4Lf8c9Jq4xXKIZ5
Pvv20AkRFE0ifVI9EH4jyZagR3wzH5Xl9dyjA6bTuqMgN15C1xJC1l59FU88JaY7
ywGdRppmoaJrNRPM7RZtQPaDVIunzm3eMr9PywwQ0umsHWGNexUrDYHFWRIAmJp6
89AAxw==
exit
line ssh
login authentication defaultList
exit
ip ssh server
ip ssh pubkey-auth
ip ssh protocol 2
The following describes each line of the above configuration:
The username command creates a switch administrator.
The aaa authentication lines set the login and enable methods for line to 
NOAUTH. 
The crypto key generate command generates an internal RSA key. This step is 
not required if an internal RSA key has been generated before on this switch.
NOTE: A user logging in with this configuration would be placed in User EXEC
mode with privilege level 1. To access Privileged EXEC mode with privilege
level 15, use the enable command.
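The check below is an added example, not part of the Dell manual. It decodes the key-string rows from the switch configuration above as an SSH-2 RSA public key blob (length-prefixed key type, exponent, modulus) and reports whether the key is the expected type and size before it is pasted into a switch. The function names and the 2048-bit MIN_RSA_BITS threshold are assumptions chosen for illustration.

```python
import base64
import struct

# Key-string rows copied from the switch configuration on this page.
PAGE_KEY_ROWS = """
AAAAB3NzaC1yc2EAAAABJQAAAIBor6DPjYDpSy8Qcji68xrS/4Lf8c9Jq4xXKIZ5
Pvv20AkRFE0ifVI9EH4jyZagR3wzH5Xl9dyjA6bTuqMgN15C1xJC1l59FU88JaY7
ywGdRppmoaJrNRPM7RZtQPaDVIunzm3eMr9PywwQ0umsHWGNexUrDYHFWRIAmJp6
89AAxw==
"""

MIN_RSA_BITS = 2048  # assumed local policy, not a value from the manual


def read_field(blob, offset):
    """Read one length-prefixed field (uint32 big-endian length + data)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of blob")
    return blob[offset + 4:end], end


def inspect_key_string(rows):
    """Decode pasted key-string rows; return type, exponent and modulus size."""
    try:
        blob = base64.b64decode("".join(rows.split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"not valid base64: {exc}") from exc
    key_type, pos = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError(f"expected ssh-rsa, got {key_type!r}")
    exponent, pos = read_field(blob, pos)
    modulus, pos = read_field(blob, pos)
    if pos != len(blob):
        raise ValueError("trailing bytes after modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    return {"type": key_type.decode(), "exponent": int.from_bytes(exponent, "big"),
            "bits": bits, "meets_policy": bits >= MIN_RSA_BITS}


if __name__ == "__main__":
    print(inspect_key_string(PAGE_KEY_ROWS))
```

For the key shown on this page the check reports an ssh-rsa key with exponent 37 and a 1023-bit modulus, which is below the assumed 2048-bit threshold.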