Enabling client public-key authentication

After you TFTP a client public-key file into the switch, configure the switch to allow the following:

If an SSH client's public key matches the switch client public-key file, allow that client access to the switch. If there is not a public-key match, then deny access to that client.


aaa authentication ssh login public-key none

Allows SSH client access only if the switch detects a match between the client’s public key and an entry in the client-public- key file most recently copied into the switch.


To enable client public-key authentication to block SSH clients whose public keys are not in the client public-key file copied into the switch, you must configure the Login Secondary as none. Otherwise, the switch allows such clients to attempt access using the switch operator password.