Import DSA and RSA Private or Public Keys

Note

This procedure does not apply to VSP 8600 Series.

About this task

Use this task to import SSH RSA and DSA public and private keys.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Enter the following command to install the DSA or RSA public or private key:

    ssh install-user-key WORD<1-15> {rwa | rw | ro | rwl1 | rwl2 | rwl3 | admin | operator | auditor | security | priv} WORD<1-15> {public | private} WORD<1-15> {dsa | rsa}

Example

Switch:1(config)#ssh install-user-key admin public dsa
Switch(config)#1 2021-07-22T14:09:43.278+03:00 VSP-4900-24S CP1 - 0x0041460b - 00000000 GlobalRouter CLOUD_AGENT INFO 
Successfully installed SSH public key to path </intflash/.ssh/dsa_key_admin>.
Switch:1(config)#ssh install-user-key admin private dsa
Info: Successfully installed the private key to path /intflash/.ssh/id_dsa_admin
Switch:1(config)#1 2021-07-22T14:08:00.354+03:00 VSP-4900-24S CP1 - 0x0041460b - 00000000 
GlobalRouter CLOUD_AGENT INFO Successfully installed SSH private key to path </intflash/.ssh/id_dsa_admin>.

Variable Definitions

The following table defines parameters for the ssh install-user-key command.

Variable Value

WORD<1-15>{ rwa | rw | ro | rwl1 | rwl2 | rwl3, enhanced-secured mode : admin | operator | auditor | security | priv }

Specifies the user access level.

You must enable SSH globally before you can generate SSH DSA user keys.

If enhanced secure mode is disabled, the valid user access levels for the switch are:

  • rwa — Specifies read-write-all.

  • rw — Specifies read-write.

  • ro — Specifies read-only.

  • rwl1 — Specifies read-write for Layer 1.

  • rwl2 — Specifies read-write for Layer 2.

  • rwl3 — Specifies read-write for Layer 3.

If you enable enhanced secure mode, the switch uses role-based authentication. You associate each username with a specific role and the appropriate authorization rights to commands based on that role.

If enhanced secure mode is enabled, the valid user access levels for the switch are:

  • admin—Specifies a user role with access to all of the configurations, show commands, and the ability to view the log file and security commands. The administrator role is the highest level of user roles.

  • operator—Specifies a user role with access to all of the configurations for packet forwarding on Layer 2 and Layer 3, and has access to show commands to view the configuration, but cannot view the audit logs and cannot access security and password commands.

  • auditor—Specifies a user role that can view log files and view all configurations, except password configuration.

  • security—Specifies a user role with access only to security settings and the ability to view the configurations.

  • priv—Specifies a user role with access to all of the commands that the administrator has access to, and is referred to as an emergency-admin. However, the user with the privilege role must be authenticated within the switch locally. RADIUS and TACACS+ authentication is not accessible. A user role at the privilege level must log in to the switch through the console port only.

WORD<1-15>{public | private}

Specifies the public key or the private key type to copy from /intflash/shared to /intflash/.ssh.

WORD<1-15>{dsa | rsa}

Specifies the DSA or RSA signature algorithm for the public key or the private key to copy.
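
The following is an added example, not part of the original documentation or the vendor's tooling: a Python audit of captured console or syslog text that extracts each key-install message in the format shown in the Example and checks the access level against the lists in Variable Definitions. The function name, the `allowed_algs` policy parameter, and the rsa file-name patterns are assumptions; the sample input is constructed from the Example output.

```python
import re

# Access levels from the Variable Definitions table, per mode.
LEGACY_LEVELS = {"rwa", "rw", "ro", "rwl1", "rwl2", "rwl3"}
ENHANCED_LEVELS = {"admin", "operator", "auditor", "security", "priv"}

# Log message format as shown in the Example section.
EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s.*Successfully installed SSH "
    r"(?P<kind>public|private) key to path </intflash/\.ssh/(?P<file>[^>]+)>"
)
# File names as in the Example; the rsa variants are an assumption.
FILE_RE = {
    "public": re.compile(r"(?P<alg>dsa|rsa)_key_(?P<level>\w+)"),
    "private": re.compile(r"id_(?P<alg>dsa|rsa)_(?P<level>\w+)"),
}
TIMESTAMP = r"(?=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})"

def audit_key_installs(console_text, enhanced_secure_mode, allowed_algs=("dsa", "rsa")):
    """Return one record per SSH key install message, with findings."""
    valid_levels = ENHANCED_LEVELS if enhanced_secure_mode else LEGACY_LEVELS
    # Long messages can wrap across lines, so rejoin and split per timestamp.
    flat = " ".join(line.strip() for line in console_text.splitlines())
    records = []
    for chunk in re.split(TIMESTAMP, flat):
        event = EVENT_RE.match(chunk)
        if not event:
            continue
        rec = {**event.groupdict(), "findings": []}
        name = FILE_RE[rec["kind"]].fullmatch(rec["file"])
        if not name:
            rec["findings"].append("unexpected key file name")
        else:
            rec.update(name.groupdict())
            if rec["level"] not in valid_levels:
                rec["findings"].append("access level not valid in this mode")
            if rec["alg"] not in allowed_algs:
                rec["findings"].append("algorithm not allowed by policy")
        records.append(rec)
    return records

# Constructed sample, modelled on the Example output on this page.
SAMPLE = """\
Switch(config)#1 2021-07-22T14:09:43.278+03:00 VSP-4900-24S CP1 - 0x0041460b - 00000000 GlobalRouter CLOUD_AGENT INFO
Successfully installed SSH public key to path </intflash/.ssh/dsa_key_admin>.
Switch:1(config)#1 2021-07-22T14:08:00.354+03:00 VSP-4900-24S CP1 - 0x0041460b - 00000000
GlobalRouter CLOUD_AGENT INFO Successfully installed SSH private key to path </intflash/.ssh/id_dsa_admin>.
"""
```

Calling `audit_key_installs(SAMPLE, enhanced_secure_mode=True)` returns two records with no findings; passing `enhanced_secure_mode=False` flags the `admin` level, which is valid only in enhanced secure mode.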