SSH access using shared public keys
Remote access to the vRouter is typically accomplished through Telnet or SSH. For either of these methods, passwords are authenticated by using the local login user database, a RADIUS server, or a TACACS+ server, as previously described. SSH is typically used when a secure session is required. One potential problem with password authentication, even by using SSH, is that password authentication is susceptible to brute-force password guessing. An alternative to password authentication, which mitigates this risk, is to authenticate SSH users by using shared public keys. With this authentication method, a private and public key pair are generated (typically by using the Linux ssh-keygen command) on a remote system. The public key file (typically with a extension) is loaded into the login configuration for the user who is accessing the system with it by using loadkey. In addition, the vRouter must be configured to disable password authentication for SSH (refer to Ciena Vyatta Network OS Services Configuration Guide ). So, SSH users can be authenticated by using passwords or shared public keys, but not both.