Outbound Connections

The SSHv2 client supports SSHv2 DSA public key authentication and password authentication.

Note

For certain switches in enhanced secure mode, all sensitive files are protected. You cannot access any sensitive files over Telnet, SSH, FTP, SFTP, TFTP, or SCP connections. For more information, see Sensitive File Protection.

Note

You must enable SSH globally before you can generate SSH DSA user keys.

The SSHv2 client is a secure replacement for outbound Telnet. Password authentication is the easiest way to use the SSHv2 client feature.

Instead of password authentication, you can use DSA public key authentication between the SSHv2 client and an SSHv2 server. Before you can perform public key authentication, you must generate the key pair files and distribute the key files to all the SSHv2 server systems. Because the passphrase encrypts and further protects the key files, you must provide the passphrase to decrypt the key files as part of the DSA authentication.

Note

SSH RSA and DSA public and private keys are copied from /intflash/shared to /intflash/.ssh.

To attempt public key authentication, the SSHv2 client looks for the associated DSA key pair files in the /intflash/.ssh directory. If no DSA key pair files are found, the SSHv2 client automatically prompts you for password authentication. If the SSHv2 client succeeds with the authentication, then a new secured SSHv2 session is established to the remote SSHv2 server. For more information, see DSA Authentication Access Level and File Name.

Important

If you configure the DSA user key with a passphrase but you do not supply the correct passphrase when you try to make the SSHv2 connection, then the system falls back to password authentication. If the SSHv2 client succeeds with the authentication, then a new secured SSHv2 session is established to the remote SSHv2 server.
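
Because the client falls back to password authentication both when no DSA key pair files are found and when the passphrase is wrong, a session that was meant to use a key can be established with a password instead. The following added example (not part of the original documentation) finds such logins in the remote server's log. It assumes the SSHv2 server is OpenSSH with its standard "Accepted <method> for <user>" log lines; the addresses, the `netadmin` account and the log lines are constructed.

```python
import re

# Assumption: the remote SSHv2 server runs OpenSSH, which logs successful
# logins as "Accepted <method> for <user> from <addr> port <n> ssh2".
ACCEPTED = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<addr>\S+) port (?P<port>\d+)"
)

# Hypothetical inventory: (switch address, account) pairs that have DSA user
# keys distributed and are expected to log in with public key authentication.
EXPECTED_PUBLICKEY = {("192.0.2.10", "netadmin"), ("192.0.2.11", "netadmin")}


def find_password_fallbacks(lines, expected=EXPECTED_PUBLICKEY):
    """Return (addr, user, line) for successful logins that used password
    authentication although the pair is expected to use a public key."""
    findings = []
    for line in lines:
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed attempts and unrelated messages are ignored
        pair = (m["addr"], m["user"])
        if pair in expected and m["method"] == "password":
            findings.append((m["addr"], m["user"], line.strip()))
    return findings


# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG = """\
Mar  3 10:01:12 jump sshd[2101]: Accepted publickey for netadmin from 192.0.2.10 port 40122 ssh2: DSA SHA256:<fingerprint-placeholder>
Mar  3 10:07:45 jump sshd[2140]: Accepted password for netadmin from 192.0.2.11 port 40388 ssh2
Mar  3 10:09:02 jump sshd[2155]: Accepted password for operator from 198.51.100.7 port 51514 ssh2
Mar  3 10:12:30 jump sshd[2170]: Failed password for netadmin from 192.0.2.10 port 40190 ssh2
""".splitlines()

if __name__ == "__main__":
    for addr, user, line in find_password_fallbacks(SAMPLE_LOG):
        print(f"password fallback: {user}@{addr}: {line}")
```

A hit means the switch either had no usable key pair in /intflash/.ssh or was given the wrong passphrase, so check the key files on that switch.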