The following table lists the access levels and the file names that you must use when you store SSHv2 client authentication information using DSA on the switch that acts as the SSHv2 server.
For certain switches in enhanced secure mode, all sensitive files are protected. The home directory for enhanced secure mode is /intflash/shared. You cannot access any sensitive files using Telnet, SSH, FTP, SFTP, TFTP, or SCP connections. For more information, see Sensitive File Protection.
| Client key format or WSM | Access level | File name |
|---|---|---|
| Client key in non-IETF and IETF format with enhanced secure mode disabled. Note: The switch supports IETF and non-IETF for DSA. | RWA | /intflash/.ssh/dsa_key_rwa |
| | RW | /intflash/.ssh/dsa_key_rw |
| | RO | /intflash/.ssh/dsa_key_ro |
| | L3 | /intflash/.ssh/dsa_key_rwl3 |
| | L2 | /intflash/.ssh/dsa_key_rwl2 |
| | L1 | /intflash/.ssh/dsa_key_rwl1 |
| Client key in enhanced secure mode | administrator | /intflash/shared/dsa_key_admin |
| | operator | /intflash/shared/dsa_key_operator |
| | security | /intflash/shared/dsa_key_security |
| | privilege | /intflash/shared/dsa_key_priv |
| | auditor | /intflash/shared/dsa_key_auditor |

The switch generates an RSA public and private server key pair. The public part of the key for RSA is stored in /intflash/.ssh/ssh_key_rsa_pub.key. If an RSA key pair does not exist, then the switch automatically generates one when you enable the SSH server. To authenticate a client using RSA, the administrator must copy the public part of the client RSA key to the switch.
For certain switches in enhanced secure mode, sensitive files are protected. You cannot copy public or private keys directly to /intflash/.ssh. You must import the DSA/RSA private and public key from /intflash/shared. For more information, see Import DSA and RSA Private or Public Keys.