Enabling client public-key authentication
After you TFTP a client public-key file into the switch, configure the switch to allow the following:
If an SSH client's public key matches the switch client public-key file, allow that client access to the switch. If there is not a public-key match, then deny access to that client.
Syntax:
aaa authentication ssh login public-key none
Allows SSH client access only if the switch detects a match between the client's public key and an entry in the client public-key file most recently copied into the switch.
To enable client public-key authentication to block SSH clients whose public keys are not in the client public-key file copied into the switch, you must configure the Login Secondary as none. Otherwise, the switch allows such clients to attempt access using the switch operator password.
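An added example, not from the vendor documentation: a small Python check that audits a saved switch configuration for the requirement described above. The sample configurations are constructed, and "local" as a secondary value is an assumption standing in for any setting other than none.

```python
import re

# Matches the login line shown under "Syntax"; the secondary method is
# optional so a line without one is still recognised.
LOGIN_RE = re.compile(
    r"^\s*aaa\s+authentication\s+ssh\s+login\s+(\S+)(?:\s+(\S+))?\s*$",
    re.IGNORECASE,
)

# Constructed sample configs (not from a real switch). "local" as the
# secondary is an assumption standing in for any value other than "none".
HARDENED = 'hostname "sw1"\naaa authentication ssh login public-key none\n'
WEAK = 'hostname "sw1"\naaa authentication ssh login public-key local\n'


def audit_ssh_login(config_text):
    """Return (status, detail); status is ok, fallback or not-public-key."""
    found = None
    for line in config_text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            # If the line appears more than once, the last one is used.
            found = (m.group(1).lower(), (m.group(2) or "").lower())
    if found is None or found[0] != "public-key":
        return ("not-public-key", "SSH login primary method is not public-key")
    secondary = found[1] or "unset"
    if secondary == "none":
        return ("ok", "clients without a matching public key are denied")
    # Anything other than an explicit "none" fails the requirement above.
    return ("fallback", "Login Secondary is " + secondary
            + "; unmatched clients may try the operator password")


if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_ssh_login(cfg))
```

A "fallback" result means the configuration does not block clients whose keys are missing from the client public-key file.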