Copying client key files

Only one ssh client key for authenticating the manager is allowed on a switch. The copy command allows you to copy the client key files using sftp, tftp, and usb or xmodem, allowing encryption and authentication through SSH. There is no way to generate the private key on the switch; it must be copied onto the switch.

To load the client private key onto the switch, use one of the following commands:

Syntax:

copy sftp ssh-client-key [user <username>|<username@>] <hostname|IPv4|IPv6>
 <private-key-filename> [port|<tcp-port-num>]

copy tftp ssh-client-key <hostname|IPv4|IPv6> <private-key-filename>

copy usb ssh-client-key <private-key-filename>

copy xmodem ssh-client-key

Copies the client key file <private-key-filename> onto the switch.

ssh-client-key: The client key file being copied to the switch. The file must contain an RSA or DSA key.

[user <username|username@>]: Optional, there must be configured usernames for operator and manager.

If no username is specified, the client's current username is used. There will be a prompt for a password if needed.

hostname: Specifies the hostname of the SFTP or TFTP server.

IPv4: Specifies the SFTP or TFTP server's IPv4 address.

IPv6: Specifies the SFTP or TFTP server's IPv6 address.

<private-key-filename> : The remote filename containing the key.

[port <tcp-port-num>] : TCP port of the SSH server on the remote system.

The copied private key is stored in the ssh directory of the switch file system and is persistent across switch reboots. After the initial copying is complete, the client key can be overwritten by repeating the copy command. No verification of the validity of the key is done when executing the copy command.