Configuring CLI over SSH using Public Key Authentication
By default, when a Secure Shell (SSH) connection is used for secure access to the device's CLI, the device authenticates users with the username-password method. To increase security, you can use RSA or ECDSA public keys for user authentication instead of passwords. In this setup, when an SSH connection is established, the device checks that the SSH private key of the client (user) matches the public key configured for the user on the device.
This section describes how to enable SSH for public key authentication (see Enabling SSH for Public Key Authentication) and how to configure SSH public key authentication on the following operating systems:
The device's embedded SSH server supports SHA-256 (rsa-sha2-256) and SHA-512 (rsa-sha2-512) signature algorithms for public-key client authentication that utilizes RSA keys:
● Server host key algorithms (refer to RFC 4253 Section 7.1)
● Algorithm for client authentication (refer to RFC 8303 Section 3.1, and RFC 8332 Section 3.2)
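A client can confirm that an SSH server advertises these RSA signature algorithms by reading the server-sig-algs extension carried in the SSH_MSG_EXT_INFO message. The following is an added example, not taken from the original documentation or from the device vendor: it parses such a payload and picks the strongest RSA algorithm. The function names and the sample payload are constructed for illustration, and refusing to fall back to SHA-1 "ssh-rsa" is a policy assumed here.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number of the extension-info message

def _string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n

def server_sig_algs(payload):
    """Return the server-sig-algs name-list from an EXT_INFO payload, or None."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO payload")
    (count,) = struct.unpack_from(">I", payload, 1)
    off = 5
    for _ in range(count):
        name, off = _string(payload, off)
        value, off = _string(payload, off)
        if name == b"server-sig-algs":
            return value.decode("ascii").split(",") if value else []
    return None  # extension absent: server did not state what it accepts

def pick_rsa_sig_alg(algs):
    """Choose the signature algorithm an RSA-key client should use, strongest first."""
    for alg in ("rsa-sha2-512", "rsa-sha2-256"):
        if algs and alg in algs:
            return alg
    return None  # only SHA-1 "ssh-rsa" would remain; refuse rather than downgrade

def _ext(name, value):
    """Encode one extension as two SSH strings (helper for the sample below)."""
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(value)) + value

# Constructed sample payload (not captured from a real device).
SAMPLE = (bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", 1)
          + _ext(b"server-sig-algs", b"rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256"))

if __name__ == "__main__":
    algs = server_sig_algs(SAMPLE)
    print(algs, "->", pick_rsa_sig_alg(algs))
```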