A SSH users can be authenticated in six modes: password, RSA, DSA, Password-RSA, Password-DSA, and All. The mos used are the below:
· Password authentication: is based on the user name and password. You need to configure a password for each SSH user in the AAA view. A user must enter the correct user name and password to log in using SSH.
· Revest-Shamir-Adleman Algorithm (RSA) authentication: is based on the private key of the client. RSA is a public-key cryptographic system that uses an asymmetric encryption algorithm. An RSA key pair consists of a public key and a private key. You need to copy the public key generated by the client to the SSH server. The SSH server then uses the public key to encrypt data.
<!--[if !supportLists]-->
The SSH password authentication can be implemented correctly to provide different privilege levels to users after authentication according to the AAA configuration. In this way we can set different user levels for the SSH users to control the device access permission.
The problem appears in the case where we use RSA authentication for the STelnet services. When we are using RSA key authentication, the user will be correctly authenticated but the user will receive a default privilege level of 0 even though the same user has different level configured in the AAA view.In this situation the user will not be able to reach the system view and will have access to a limited number of commands.
Config and info:
aaa
statistic enable
local-user admin password irreversible-cipher xxxx
local-user admin privilege level 15
local-user admin service-type telnet terminal ssh ftp
local-user admin user-type netmanager
stelnet server enable
scp server enable
ssh user admin
ssh user admin authentication-type all
ssh user admin assign rsa-key admin
ssh user admin service-type all
ssh user admin sftp-directory flash:/
Result after loging in with ssh and rsa authentication:
