Ssh Server Authentication; Ssh Client Authentication - Cisco 500 series Administration Manual

Using the SSH Client Feature

SSH Server Authentication

SSH Server Authentication

SSH Client Authentication

Cisco 500 Series Stackable Managed Switch Administration Guide
A switch, as an SSH client, only communicates with a trusted SSH server. When
SSH server authentication is disabled (the default setting), any SSH server is
considered trusted. When SSH server authentication is enabled, the user must
add an entry for the trusted servers to the Trusted SSH Servers Table. This table
stores the following information per each SSH Trusted server for a maximum of 16
servers, and contains the following information:
• Server IP address/host name
• Server public key fingerprint
When SSH server authentication is enabled, the SSH client running on the switch
authenticates the SSH server using the following authentication process:
• The switch calculates the fingerprint of the received SSH server's public
key.
• The switch searches the SSH Trusted Servers table for the SSH server's IP
address/host name. One of the following can occur:
- If a match is found, both for the server's IP address/host name and its
fingerprint, the server is authenticated.
- If a matching IP address/host name is found, but there is no matching
fingerprint, the search continues. If no matching fingerprint is found, the
search is completed and authentication fails.
- If no matching IP address/host name is found, the search is completed
and authentication fails.
• If the entry for the SSH server is not found in the list of trusted servers, the
process fails.
SSH client authentication by password is enabled by default, with the username/
password being "anonymous".
The user must configure the following information for authentication:
• The authentication method to be used.
• The username/password or public/private key pair.
19
350