SSH authentication works with two different procedures:
- Interactive with password entry by keyboard
- By exchanging public keys
Keys have to be created for each individual as there are no predefined standard keys. For this reason, LANCOM devices with their factory settings only support authentication by password.
Keys are generated by entering the command sshkeygen at the command line of the device on which the administrator wants to run the SSH client. The following syntax applies:
- sshkeygen [-?] [-h] [-t dsa|rsa] [-b bits] [-f output-file]
- -?, -h: Display a brief help text about the available arguments
- -t: This argument sets the key type.
- -b: This argument sets the length of the RSA key in bits.
- -f: Name for the output file of the key.
- show ssh idkeys
This command generates output similar to the following:
Configured Client-Side SSH Host Keys For User 'root':
ssh-rsa AAAAB3NzaC1yc2EAAAABEQAAAQEA2
8BtnFFInAi8I5B1aOwq5g2YfwIX2O/vMX+9SLZ
AJVAhFnhdOG4wjTpLVuaQRNlITpBESPaWPLqoA
...
wd0T0nkuNQ== root@sshctest
Even though the output is divided into a number of lines, it is a single key consisting of three parts:
- The first part shows the key type (ssh-rsa or ssh-dss).
- The second part is the binary output of the key itself, coded as Base64.
- The third part contains the host name and is intended for entering comments.
This file can be edited with a convenient function in WEBconfig (WEBconfig / Extras / Edit list of allowed SSH public keys). Copy the first and second parts, and replace the third part with a list of users; this limits the use of the key to the selected LCOS administrators.
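The three-part structure and the replacement of the third part can be checked offline before a key is pasted into the list. The following Python sketch is an added example, not LANCOM code: it rejoins a line-wrapped key, confirms that the type in the first part matches the type stored inside the Base64 data, and reports the key length. All function names are hypothetical; it assumes the standard SSH public key encoding (RFC 4253), a comment without whitespace, and a user list supplied by the caller, since the page does not specify the list's format.

```python
import base64
import struct

def _field(data):
    """Encode one field as uint32 big-endian length + data."""
    return struct.pack(">I", len(data)) + data

def _read_field(blob, offset):
    """Read one length-prefixed field; return (data, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key data")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key data")
    return blob[offset + 4:end], end

def parse_public_key(text):
    """Rejoin a line-wrapped key and return its type, Base64 data, comment and size."""
    parts = text.split()
    if len(parts) < 3:
        raise ValueError("expected key type, Base64 data and comment")
    # Assumption: type and comment are single tokens; the tokens between are wrapped Base64.
    key_type, data, comment = parts[0], "".join(parts[1:-1]), parts[-1]
    if key_type not in ("ssh-rsa", "ssh-dss"):
        raise ValueError("unexpected key type: " + key_type)
    blob = base64.b64decode(data, validate=True)
    embedded, offset = _read_field(blob, 0)
    if embedded != key_type.encode("ascii"):
        raise ValueError("first part does not match the type inside the key data")
    number, offset = _read_field(blob, offset)      # RSA: exponent e, DSA: prime p
    if key_type == "ssh-rsa":
        number, offset = _read_field(blob, offset)  # RSA: modulus n
    bits = int.from_bytes(number, "big").bit_length()
    return {"type": key_type, "data": data, "comment": comment, "bits": bits}

def replace_comment(text, users):
    """Keep parts one and two, put the caller-supplied user list in part three."""
    key = parse_public_key(text)
    return f"{key['type']} {key['data']} {users}"

def make_sample_rsa_key(bits=2048, comment="root@sshctest"):
    """Constructed sample, not a real key: e = 17, n = 2^(bits-1) + 1."""
    n = (1 << (bits - 1)) | 1
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")  # leading zero keeps the value positive
    blob = _field(b"ssh-rsa") + _field(b"\x11") + _field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment
```

Calling parse_public_key on the text copied from the device output returns the reported size in the "bits" entry, which can be compared with the value given to -b when the key was generated.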