Reference Guide
Security | 879
• When all the three authentication methods are enabled, password authentication is the backup method
when the RSA method fails.
• The files known_hosts and known_hosts2 are generated when a user tries to SSH using version 1 or
version 2, respectively.
SSH Authentication by Password
Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Force10
system. This is the simplest methods of authentication and uses SSH version 1.
Enable SSH password authentication using the command
ip ssh password-authentication enable from
CONFIGURATION mode. View your SSH configuration using the command
show ip ssh from EXEC
Privilege mode.
FTOS(conf)#ip ssh server enable
% Please wait while SSH Daemon initializes ... done.
FTOS(conf)#ip ssh password-authentication enable
FTOS#sh ip ssh
SSH server : enabled.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
Vty Encryption Remote IP
RSA Authentication of SSH
The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This
method uses SSH version 2:
Step Task Command Syntax Command Mode
1 On the SSH client (Unix machine), generate an RSA key, as shown in the following example.
admin@Unix_client#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
/home/admin/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
The key fingerprint is:
53:aa:a0:3e:6a:79:09:5a:a0:12:32:e3:9c:9a:7e:73 admin@Unix_client
2 Copy the public key id_rsa.pub to the Dell Force10 system.
3 Disable password authentication if enabled. no ip ssh password-authentication
enable
CONFIGURATION
4 Enable RSA authentication.
ip ssh rsa-authentication enable
EXEC Privilege