X.509v3 certificate authentication for SSH

NOTE:

The X.509v3 certificate authentication for SSH feature is available only on switches running KB software.

This feature supports user authentication in SSH using X.509v3-based certificates.

CLI command

Syntax

 aaa authentication ssh {enable | login | client} <primary-method> [<backup-method>]

Description

Configure the authentication mechanism used to control SSH access to the switch. X.509 certificate authentication for the SSH server works only when both the enable and login options are configured to use certificate as the primary authentication method.

Options

  • enable: Configure access to the privileged mode commands.
  • login: Configure login access to the switch.
  • client: Configure SSH client authentication for the switch.

Example

aaa authentication ssh client certificate none

Use the X.509 certificate for SSH client authentication. To disable this feature, use none as the primary authentication method.
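
The Description states that server-side certificate authentication takes effect only when both enable and login use certificate as the primary method. The following Python check is an added example, not part of the switch software or the vendor documentation; it audits a saved configuration for that condition. The sample configurations are constructed, the radius and local method names are assumed values used only to stand for a non-certificate method, and an option with no configuration line is treated as not using certificate.

```python
import re

# Matches the syntax line on this page:
#   aaa authentication ssh {enable | login | client} <primary-method> [<backup-method>]
AAA_SSH = re.compile(
    r"^\s*aaa\s+authentication\s+ssh\s+(enable|login|client)\s+(\S+)(?:\s+(\S+))?\s*$",
    re.IGNORECASE,
)

def ssh_auth_methods(config_text):
    """Return {option: (primary, backup)} for each 'aaa authentication ssh' line.
    If an option appears more than once, the last line wins (assumption)."""
    methods = {}
    for line in config_text.splitlines():
        m = AAA_SSH.match(line)
        if m:
            option, primary, backup = m.groups()
            methods[option.lower()] = (primary.lower(), backup.lower() if backup else None)
    return methods

def audit_ssh_certificate_auth(config_text):
    """Check the documented condition: server-side certificate authentication
    works only when BOTH enable and login use certificate as primary method."""
    methods = ssh_auth_methods(config_text)
    # An option with no line in the config is treated as "not certificate" (assumption).
    primary = {opt: methods.get(opt, (None, None))[0] for opt in ("enable", "login", "client")}
    not_cert = [opt for opt in ("enable", "login") if primary[opt] != "certificate"]
    return {
        "server_certificate_auth": not not_cert,
        "options_blocking_server_auth": not_cert,
        "client_certificate_auth": primary["client"] == "certificate",
    }

# Constructed sample configurations (not taken from a real switch).
MISCONFIGURED = """\
hostname "lab-switch"
aaa authentication ssh login certificate none
aaa authentication ssh enable radius local
aaa authentication ssh client certificate none
"""
CORRECTED = MISCONFIGURED.replace("enable radius local", "enable certificate none")

if __name__ == "__main__":
    for name, cfg in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, audit_ssh_certificate_auth(cfg))
```

In the misconfigured sample, login is set to certificate but enable is not, so the audit reports enable as the option blocking server-side certificate authentication.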