General operating rules and notes
- The SSH server may challenge the client to authenticate itself depending on the authentication methods configured on the destination SSH server. The client first tries the "none" method of authentication; if that is unsuccessful, it examines the list of supported authentication methods from the server, if provided. If the server does not provide such a list, all methods of authentication will be tried in the following order until the session is successfully opened or rejected by the server:
  1. Authentication method "publickey", if a private key has been loaded onto the switch.
  2. Authentication method "password".
- During "public-key" authentication, the client must use its private key to authenticate itself to the server. There can be only one key pair on the switch for the manager.
- The private key should be passphrase protected for highest security; the user is prompted to enter the passphrase.
- The private key can be configured by copying it to the SSH client switch, using the copy command.
- If the public-key authentication fails or the client has not been configured with a key pair, the "password" method of authentication is used and the user is prompted for a password.
- Successful TACACS or RADIUS logins will give the user either operator or manager privileges. This is important if there are chained SSH sessions.
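
The recommendation above that the private key be passphrase protected can be verified on the management workstation before the key is copied to the switch. The following Python check is an added example, not vendor code; it assumes the key is a PEM-armoured file (OpenSSH, legacy PEM or PKCS#8 container), and the function names and sample data are constructed for illustration.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside the OpenSSH key container."""
    return struct.pack(">I", len(data)) + data

def armor(label: str, payload: bytes, headers=()) -> str:
    """Wrap a constructed payload in PEM armour (sample data only)."""
    b64 = base64.b64encode(payload).decode()
    return "\n".join([f"-----BEGIN {label}-----", *headers, b64, f"-----END {label}-----"])

def private_key_is_encrypted(pem_text: str) -> bool:
    """Return True if the PEM-armoured private key is passphrase protected."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured key")
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    body = lines[1:-1]
    if label == "ENCRYPTED PRIVATE KEY":       # PKCS#8 encrypted container
        return True
    if label == "OPENSSH PRIVATE KEY":         # cipher name follows the magic
        blob = base64.b64decode("".join(body))
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            raise ValueError("bad OpenSSH key header")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"
    if label.endswith("PRIVATE KEY"):
        # Legacy PEM marks encryption with a Proc-Type header; plain PKCS#8 has none.
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body)
    raise ValueError("not a private key")

# Constructed samples: correct headers, dummy payloads, no real key material.
SAMPLES = {
    "openssh_plain": armor("OPENSSH PRIVATE KEY", OPENSSH_MAGIC + ssh_string(b"none") + ssh_string(b"none")),
    "openssh_enc": armor("OPENSSH PRIVATE KEY", OPENSSH_MAGIC + ssh_string(b"aes256-ctr") + ssh_string(b"bcrypt")),
    "legacy_plain": armor("RSA PRIVATE KEY", b"\x00" * 16),
    "legacy_enc": armor("RSA PRIVATE KEY", b"\x00" * 16,
                        ["Proc-Type: 4,ENCRYPTED", "DEK-Info: AES-128-CBC," + "00" * 16]),
}

if __name__ == "__main__":
    for name, pem in SAMPLES.items():
        print(name, "passphrase-protected" if private_key_is_encrypted(pem) else "UNPROTECTED")
```

The check reads only the container headers, so it confirms that a passphrase is set but says nothing about the passphrase's strength.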