Configuring Secure Shell (SSH)
Further Information on SSH Client Public-Key Authentication
For example, if you wanted to copy a client public-key file named clientkeys.txt
from a TFTP server at 10.38.252.195 and then display the file contents:
Figure 6-14. Example of Copying and Displaying a Client Public-Key File Containing Two Different Client Public Keys for the Same Client
Replacing or Clearing the Public Key File. The client public-key file
remains in the switch’s flash memory even if you erase the startup-config file,
reset the switch, or reboot the switch.
■ You can remove the existing client public-key file or specific keys by
executing the clear crypto public-key command. This clears the public
keys from both management modules. The module that is not active
must be in standby mode.
Syntax: clear crypto public-key
Deletes the client-public-key file from the switch.
Syntax: clear crypto public-key 3
Deletes the entry with an index of 3 from the
client-public-key file on the switch.
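Because the client public-key file survives an erased startup-config, a reset, and a reboot, it is worth checking exactly which keys it holds before copying it to the switch. The Python script below is an added example, not part of the original manual. It assumes one OpenSSH-format key per line (`type base64 comment`), which this page does not state, and its entry positions follow file order and may not match the switch's own index numbers.

```python
import base64, hashlib, struct

def read_string(buf, off):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated data field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def audit_keys(text):
    """Return (entries, problems) for the text of a client public-key file."""
    entries, problems, seen, pos = [], [], {}, 0
    for line in text.splitlines():
        parts = line.split(None, 2)
        if not parts or parts[0].startswith("#"):
            continue
        pos += 1  # position in file order; assumed, not the switch's index
        try:
            blob = base64.b64decode(parts[1], validate=True)
            inner, _ = read_string(blob, 0)
        except (IndexError, ValueError) as exc:
            problems.append((pos, f"unparseable key: {exc}"))
            continue
        if inner != parts[0].encode():
            problems.append((pos, "declared type does not match key blob"))
            continue
        fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        if fp in seen:
            problems.append((pos, f"duplicate of entry {seen[fp]}"))
            continue
        seen[fp] = pos
        entries.append((pos, parts[0], fp, parts[2] if len(parts) > 2 else ""))
    return entries, problems

def sample_line(alg, payload, comment):
    """Build a constructed, non-functional key line for the demo."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (alg.encode(), payload))
    return f"{alg} {base64.b64encode(blob).decode()} {comment}"

# Constructed stand-in for clientkeys.txt: two keys for one client, plus bad entries.
SAMPLE = "\n".join([
    sample_line("ssh-rsa", b"\x01" * 64, "admin@laptop"),
    sample_line("ssh-dss", b"\x02" * 64, "admin@laptop"),
    sample_line("ssh-rsa", b"\x01" * 64, "copy-of-first"),
    "ssh-rsa not*base64 broken",
    sample_line("ssh-dss", b"\x03" * 64, "x").replace("ssh-dss", "ssh-rsa", 1),
])

if __name__ == "__main__":
    for row in audit_keys(SAMPLE):
        print(row)
```

Comparing the printed fingerprints against those reported by each client's own key tooling confirms that only the intended keys are in the file.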
Enabling Client Public-Key Authentication. After you TFTP a client-
public-key file into the switch (described above), you can configure the switch
to allow the following:
■ If an SSH client’s public key matches the switch’s client-public-key
file, allow that client access to the switch. If there is not a public-key
match, then deny access to that client.