DSA Authentication Access Level and File Name

The following table lists the access levels and file names that you must use to store the SSHv2 client authentication information using DSA onto the switch that acts as the SSHv2 server.

For certain switches in enhanced secure mode, all sensitive files are protected. The home directory for enhanced secure mode is /intflash/shared. You cannot access any sensitive files using Telnet, SSH, FTP, SFTP, TFTP, and SCP connections. For more information, see Sensitive File Protection.

Table 1. DSA authentication access levels and file names

Client key format or WSM

Access level

File name

Client key in non IETF and IETF format with enhanced secure mode disabled

Note:

The switch supports IETF and non-IETF for DSA.

RWA

/intflash/.ssh/dsa_key_rwa

RW

/intflash/.ssh/dsa_key_rw

RO

/intflash/.ssh/dsa_key_ro

L3

/intflash/.ssh/dsa_key_rwl3

L2

/intflash/.ssh/dsa_key_rwl2

L1

/intflash/.ssh/dsa_key_rwl1

Client key in enhanced secure mode

administrator

/intflash/shared/dsa_key_admin

operator

/intflash/shared/dsa_key_operator

security

/intflash/shared/dsa_key_security

privilege

/intflash/shared/dsa_key_priv

auditor

/intflash/shared/dsa_key_auditor

The switch generates an RSA public and private server key pair. The public part of the key for RSA is stored in /intflash/.ssh/ssh_key_rsa_pub.key. If an RSA key pair does not exist, then the switch automatically generates one when you enable the SSH server. To authenticate a client using RSA, the administrator must copy the public part of the client RSA key to the switch.

For a certain switches in enhanced secure mode, sensitive files are protected. You cannot copy public or private keys directly to /intflash/.ssh. You must import the DSA/RSA private and public key from /intflash/shared. For more information, see Import DSA and RSA Private or Public Keys.