X.509v3 certificate authentication for SSH

This feature supports user-authentication in SSH using X.509v3-based certificates.

Syntax

aaa authentication ssh {enable | login | client} <primary-method> [<backup-method>]

Description

Configure the authentication mechanism used to control SSH access to the switch. The X.509 certificate authentication for the SSH server works only when both enable and login options are configured to use certificate as the primary authentication method.

Parameters

  • enable: Configure access to the privileged mode commands.
  • login: Configure login access to the switch.
  • client: Configure SSH client authentication for the switch.

Example

Use the X.509 certificate for SSH client authentication. To disable this feature, use none as the primary authentication method.

switch# aaa authentication ssh client certificate none