Disable SSH-Simple authentication and allow only SSH-RSA method in Director

book

Article ID: 168549

calendar_today

Updated On:

Products

Director

Issue/Introduction

You want to disable SSH-Simple authentication and allow only SSH-RSA method in Director.

Resolution

By default, Director can used both SSH-Simple and SSH-RSA authentication methods. 

Verify default settings using the following command line interface (CLI) command:

Director# show ssh server
SSH server enabled: yes
SSHv1 enabled: <Deprecated>
SSHv2 enabled: yes
Allow password authentication: yes
Permit empty password authentication: yes
Allow RSA authentication: yes
SSHv1: No host key defined.


Disable the SSH-Simple authentication method using the following CLI command:

Director# conf t
Director(config) # no ssh server auth allowpassword 

Verify the changed setting:

Director.39 (config) # show ssh server
SSH server enabled: yes
SSHv1 enabled: <Deprecated>
SSHv2 enabled: yes
Allow password authentication: no
Permit empty password authentication: yes
Allow RSA authentication: yes
SSHv1: No host key defined.


Try to log in to the Director Management Console using SSH-Simple. You should receive the error Invalid Username or Password. This also applies to CLI access (SSH) to Director.

Note: If you disable both authentication methods, only console access is allowed.