908 BigIron RX Series Configuration Guide 53-1001986-01 Configuring SSH 30

Providing the public key to clients

If you are using SSH to connect to a device from a UNIX system, you may need to add the device’s public key to a “known hosts” file; for example, $HOME/.ssh/known_hosts. The following is an example of an entry in a known hosts file.

Configuring DSA challenge-response authentication

With DSA challenge-response authentication, a collection of clients’ public keys is stored on the device. Clients are authenticated using these stored public keys. Only clients that have a private key that corresponds to one of the stored public keys can gain access to the device using SSH.

When DSA challenge-response authentication is enabled, the following events occur when a client attempts to gain access to the device using SSH.

1. The client sends its public key to the device.
2. The device compares the client’s public key to those stored in memory.
3. If there is a match, the device uses the public key to encrypt a random sequence of bytes.
4. The device sends these encrypted bytes to the client.
5. The client uses its private key to decrypt the bytes.
6. The client sends the decrypted bytes back to the device.
7. The device compares the decrypted bytes to the original bytes it sent to the client. If the two sets of bytes match, it means that the client’s private key corresponds to an authorized public key, and the client is authenticated.

Setting up DSA challenge-response authentication consists of the following steps.

1. Importing authorized public keys into the device.
2. Enabling DSA challenge-response authentication.

Importing authorized public keys into the device

SSH clients that support DSA authentication normally provide a utility to generate a DSA key pair. The private key is usually stored in a password-protected file on the local host; the public key is stored in another file and is not protected.
You should collect one public key from each client to be granted access to the device and place all of these keys into one file. This public key file is imported into the device.

The following is an example of a public key file containing one public key.

AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbETW6ToHv8D1UJ/z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH YI14Om1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5cvwHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9vGfJ0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAAvioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACBAN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HSn24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV
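
Before a collected key goes into the file to be imported, it can be checked on the administrator's workstation. The following is an added example, not part of this guide or the device software: it decodes one base64 key, confirms it is an ssh-dss key (the sample above begins with AAAAB3NzaC1kc3M, the encoding of the length-prefixed string "ssh-dss"), and reports the sizes of p and q and an OpenSSH-style SHA-256 fingerprint. The function names and the SAMPLE value are hypothetical, and SAMPLE is built from toy numbers, not a real key.

```python
import base64
import hashlib
import struct


def _field(data):
    """Encode bytes as an SSH length-prefixed field."""
    return struct.pack(">I", len(data)) + data


def _mpint(n):
    """Encode a positive integer as an SSH mpint (leading zero keeps it positive)."""
    return _field(n.to_bytes(n.bit_length() // 8 + 1, "big"))


# Constructed sample, NOT a usable key: toy numbers with a 1024-bit p and 160-bit q.
SAMPLE = base64.b64encode(
    _field(b"ssh-dss") + _mpint(2**1023 + 1) + _mpint(2**159 + 1)
    + _mpint(2) + _mpint(5)).decode()


def _read_field(blob, offset):
    """Return (field bytes, next offset), rejecting truncated input."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[offset + 4:end], end


def inspect_dsa_public_key(text):
    """Decode one base64 ssh-dss public key; return sizes and fingerprint."""
    # Drop line wraps and stray spaces before strict base64 decoding.
    blob = base64.b64decode("".join(text.split()), validate=True)
    key_type, offset = _read_field(blob, 0)
    if key_type != b"ssh-dss":
        raise ValueError("not a DSA key: %r" % key_type)
    numbers = []
    for _ in range(4):  # p, q, g, y in that order
        raw, offset = _read_field(blob, offset)
        numbers.append(int.from_bytes(raw, "big"))
    if offset != len(blob):
        raise ValueError("trailing bytes after key")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).rstrip(b"=")
    return {"p_bits": numbers[0].bit_length(), "q_bits": numbers[1].bit_length(),
            "fingerprint": "SHA256:" + digest.decode()}
```

A key that is truncated, carries trailing bytes, or is of another type (for example ssh-rsa) raises ValueError, so it can be rejected before it reaches the public key file.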