SSH User Authentication

If you use the SSH User Authentication page to create an SSH username for a user who is already configured in the local user database. You can prevent additional authentication by configuring the Automatic Login feature, which works as follows:

  • Enabled—If a user is defined in the local database, and this user passed SSH Authentication using a public-key, the authentication by the local database username and password is skipped.

    Note

    The configured authentication method for this specific management method (console, Telnet, SSH and so on) must be Local (i.e. not RADIUS or TACACS+).

  • Not Enabled—After successful authentication by SSH public key, even if the username is configured in the local user database, the user is authenticated again, as per the configured authentication methods.

To enable authentication and add a user.

Procedure

Step 1

Click Security > SSH Server > SSH User Authentication.

Step 2

Select the following fields:

  • SSH User Authentication by Password—Select Enable to enable and perform authentication of the SSH client user using the username/password configured in the local database.

  • SSH Session Logging— Select Enable to enable SSH session logging. The SSH session logging allows a user to track the progress of an SSH session setup and tear-down, via syslog messages generated by the device.

  • SSH User Authentication by Public Key—Select Enable to enable authentication of the SSH client user using the public key.

  • Automatic Login—Select Enable to enable SSH User Authentication by Public Key feature.

Step 3

Click Apply. The settings are saved to the Running Configuration file.

The following fields are displayed for the configured users:

  • SSH User Name—User name of user.

  • Key Type—Whether this is an RSA or DSA key.

  • Fingerprint—Fingerprint generated from the public keys.

Step 4

Click Add or Edit to add or edit a user and enter the fields:

  • SSH User Name—Enter a user name.

  • Key Type—Select either RSA or DSA.

  • Public Key—Copy the public key generated by an external SSH client application (like PuTTY) into this text box.

Step 5

Click Apply to save the new user.

The following fields are displayed for all active users:

  • IP Address—IP address of the active user.

  • SSH User Name—User name of the active user.

  • SSH Version—Version of SSH used by the active user.

  • Cipher—Cipher of the active user.

  • Authentication Code—Authentication code of the active user.