Lenovo RackSwitch G8264 Application Manual

Also see for RackSwitch G8264: Installation guide Product guide Product guide Command reference Installation guide

Contents

© Copyright Lenovo 2016 Chapter 1: Switch Administration 39Using SSH with Public Key AuthenticationSSH can also be used for switch authentication based on asymmetric cryptography.Public encryption keys can be uploaded on the switch and used to authenticateincoming login attempts based on the clients’ private encryption key pairs. After apredefined number of failed public key login attempts, the switch reverts topassword‐based authentication.To set up public key authentication:1. Enable SSH:2. Import the public key file using SFTP or TFTP for the admin user account::Notes: When prompted to input a username, a valid user account name must beentered. If no username is entered, the key is stored on the switch, and can beassigned to a user account later. A user account can have up to 100 public keys set up on the switch.3. Configure a maximum number of 3 failed public key authentication attemptsbefore the system reverts to password‐based authentication:Once the public key is configured on the switch, the client can use SSH to loginfrom a system where the private key pair is set up:RS G8264(config)# ssh enableRS G8264(config)# copy {sftp|tftp} public keyPort type ["DATA"/"MGT"]: mgtAddress or name of remote host: 9.43.101.151Source file name: 11.keyUsername of the public key: adminConfirm download operation (y/n) ? yRS G8264(config)# ssh maxauthattempts 3# ssh IP address>