Configuring incoming SSH authentication

  1. Log in to your remote host.
  2. Generate a key pair for host-to-switch (incoming) authentication by verifying that SSH v2 is installed and working (refer to your host’s documentation as necessary) by entering the following command:
    ssh-keygen -t rsa
    

    The following example generates RSA/DSA key pair.

    anyuser@mymachine: ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/users/anyuser/.ssh/id_rsa
    ):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /users/anyuser/.ssh/id_rsa.
    Your public key has been saved in /users/anyuser/.ssh/id_rsa.pub.
    The key fingerprint is:
    32:9f:ae:b6:7f:7e:56:e4:b5:7a:21:f0:95:42:5c:d1 anyuser@mymachine
    
  3. Import the public key to the switch by logging in to the switch as any user with the admin role and entering the sshUtil importpubkey command to import the key.

    The following example adds the public key to the switch.

    switch:anyuser> sshutil importpubkey
    Enter user name for whom key is imported: aswitchuser
    Enter IP address:192.168.38.244
    Enter remote directory:~auser/.ssh
    Enter public key name(must have .pub suffix):id_rsa.pub
    Enter login name:auser
    Password:
    Public key is imported successfully.
    
  4. Test the setup by logging in to the switch from a remote device, or by running a command remotely using SSH.