Configure Secure Shell (SSH) User Authentication Settings on a Cisco Business 350 Series Switch

Available Languages

Download Options

  • PDF     (739.2 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (796.2 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (1.4 MB)
    View on Kindle device or Kindle app on multiple devices
Updated:February 19, 2021
Document ID:1613767687734245

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

$pagetitle$

Objective

This article provides instructions on how to configure client user authentication on Cisco Business 350 series switches.

Introduction

Secure Shell (SSH) is a protocol that provides a secure remote connection to specific network devices. This connection provides functionality that is similar to a Telnet connection, except that it is encrypted. SSH allows the administrator to configure the switch through the command line interface (CLI) with a third party program.

In CLI mode via SSH, the administrator can execute more advanced configurations in a secure connection. SSH connections are useful in troubleshooting a network remotely, in cases where the network administrator is not physically present at the network site. The switch lets the administrator authenticate and manage users to connect to the network via SSH. The authentication occurs via a public key that the user can use to establish an SSH connection to a specific network.

The SSH client feature is an application that runs over the SSH protocol to provide device authentication and encryption. It enables a device to make a secure and encrypted connection to another device that runs the SSH server. With authentication and encryption, the SSH client allows for a secure communication over an unsecure Telnet connection.

Applicable Devices | Software Version

Configure SSH Client User Authentication Settings

Enable SSH Service

In order to support auto configuration of an out-of-box device (device with factory default configuration), SSH server authentication is disabled by default.

Step 1. Log in to the web-based utility and choose Security > TCP/UDP Services

Step 2. Check the SSH Service check box to enable access of switches command prompt through SSH.

Step 3. Click Apply to enable the SSH service.

Configure SSH User Authentication Settings

Use this page to choose an SSH user authentication method. You can set a username and password on the device if the password method is chosen. You can also generate a Ron Rivest, Adi Shamir and Leonard Adleman (RSA) or Digital Signature Algorithm (DSA) key if the public or private key method is selected.

RSA and DSA default key pairs are generated for the device when it is booted. One of these keys is used to encrypt the data being downloaded from the SSH server. The RSA key is used by default. If the user deletes one or both of these keys, they are regenerated.

Step 1. Log in to the web-based utility of your switch then choose Advanced in the Display Mode drop-down list.

Step 2. Choose Security > SSH Client > SSH User Authentication from the menu.

Step 3. Under Global Configuration, click the desired SSH User Authentication Method.

When a device (SSH client) attempts to establish an SSH session to the SSH server, the SSH server uses one of the following methods for client authentication:

  • By Password - This option lets you configure a password for user authentication. This is the default setting and the default password is anonymous. If this option is chosen, make sure that the username and password credentials have been established on the SSH Server.
  • By RSA Public Key - This option lets you use RSA public key for user authentication. An RSA key is an encrypted key based on factorization of large integers. This key is the most common type of key used for SSH user authentication.
  • By DSA Public Key - This option lets you use a DSA public key for user authentication. A DSA key is an encrypted key based on ElGamal discrete algorithm. This key is not commonly used for SSH user authentication as it takes more time in the authentication process.

In this example, By Password is chosen.

Step 4. In the Credentials area, enter the user name in the Username field.

In this example, ciscosbuser1 is used.

Step 5. (Optional) If you chose By Password in Step 2, click the method then enter the password in the Encrypted or Plaintext field.

The options are:

  • Encrypted - This option lets you enter an encrypted version of the password.
  • Plaintext - This option lets you enter a plain text password.

In this example, Plaintext is chosen and a plain text password is entered.

Step 6. Click Apply to save your authentication configuration.

Step 7. (Optional) Click Restore Default Credentials to restore the default user name and password then click OK to proceed.

The username and password will be restored to the default values: anonymous/anonymous.

Step 8. (Optional) Click Display Sensitive Data as Plaintext to show the sensitive data of the page in plain text format then click OK to proceed.

Configure SSH User Key Table

Step 9. Check the check box of the key you wish to manage.

In this example, RSA is chosen.

Step 10. (Optional) Click Generate to generate a new key. The new key will override the checked key then click OK to proceed.

Step 11. (Optional) Click Edit to edit a current key.

Step 12. (Optional) Choose a key type from the Key Type drop-down list.

In this example, RSA is chosen.

Step 13. (Optional) Enter the new public key in the Public Key field.

Step 14. (Optional) Enter the new private key in the Private Key field.

You can edit the private key and you can click Encrypted to see the current private key as an encrypted text, or Plaintext to see the current private key in plain text.

Step 15. (Optional) Click Display Sensitive Data as Plaintext to show the encrypted data of the page in plain text format then click OK to proceed.

Step 16. Click Apply to save your changes then click Close.

Step 17. (Optional) Click Delete to delete the checked key.

Step 18. (Optional) Once prompted by a confirmation message as shown below, click OK to delete the key.

Step 19. (Optional) Click Details to see the details of the checked key.

Step 20. (Optional) Click the Save button at the top portion of the page to save the changes to the startup configuration file.

You have now configured the client user authentication settings on your Cisco Business 350 series switch.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products