RSA Authentication Access Level and File Name

For certain switches in enhanced secure mode, all sensitive files are protected. The home directory for enhanced secure mode is /intflash/shared. You cannot access any sensitive files using Telnet, SSH, FTP, SFTP, TFTP, or SCP connections. For more information, see Sensitive File Protection.

The following table lists the access levels and file names you can use for storing the SSH client authentication information using RSA.

Table 1. RSA authentication access levels and file names

| Client key format or WSM | Access level | File name |
|---|---|---|
| Client key in IETF format with enhanced secure mode disabled. | RWA | /flash/.ssh/rsa_key_rwa |
| | RW | /flash/.ssh/rsa_key_rw |
| | RO | /flash/.ssh/rsa_key_ro |
| | L3 | /flash/.ssh/rsa_key_rwl3 |
| | L2 | /flash/.ssh/rsa_key_rwl2 |
| | L1 | /flash/.ssh/rsa_key_rwl1 |
| Client key with enhanced secure mode enabled. Note: Exception: does not apply to VSP 8600 Series. | administrator | /intflash/shared/rsa_key_admin |
| | operator | /intflash/shared/rsa_key_operator |
| | security | /intflash/shared/rsa_key_security |
| | privilege | /intflash/shared/rsa_key_priv |
| | auditor | /intflash/shared/rsa_key_auditor |
| Client key with enhanced secure mode enabled. Note: Exception: only applies to VSP 8600 Series. | administrator | /intflash/.ssh/rsa_key_admin |
| | operator | /intflash/.ssh/rsa_key_operator |
| | security | /intflash/.ssh/rsa_key_security |
| | privilege | /intflash/.ssh/rsa_key_priv |
| | auditor | /intflash/.ssh/rsa_key_auditor |
