To create a client-public-key text file – HP 4100GL User Manual

Page 107

Advertising
background image

Configuring Secure Shell (SSH)

Further Information on SSH Client Public-Key Authentication

3.

If there is not a match, and you have not configured the switch to accept
a login password as a secondary authentication method, the switch denies
SSH access to the client.

4. If there is a match, the switch:

a. Generates a random sequence of bytes.

b. Uses the client’s public key to encrypt this sequence.

c. Send these encrypted bytes to the client.

5. The client uses its private key to decrypt the byte sequence.

6. The client then:

a. Combines the decrypted byte sequence with specific session data.

b. Uses a secure hash algorithm to create a hash version of this informa

-

tion.

c. Returns the hash version to the switch.

7.

The switch computes its own hash version of the data in step 6 and
compares it to the client’s hash version. If they match, then the client is
authenticated. Otherwise, the client is denied access.

Using client public-key authentication requires these steps:

1.

Generate a public/private key pair for each client you want to have SSH
access to the switch. This can be a separate key for each client or the same
key copied to several clients.

2. Copy the public key for each client into a client-public-key text file.

3.

Use

copy tftp to copy the client-public-key file into the switch. Note that

the switch can hold 10 keys. The new key is appended to the client public

-

key file

4.

Use the

aaa authentication ssh command to enable client public-key

authentication.

To Create a Client-Public-Key Text File.

These steps describe how to

copy client-public-keys into the switch for RSA challenge-response authenti

-

cation, and require an understanding of how to use your SSH client applica

-

tion.

Bit Size

Exponent
<e>

Modulus
<n>

Comment

Figure 4-15. Example of a Client Public Key

4-23

Advertising