Deactivating user authentication

After the SSH server on the Ruckus device negotiates a session key and encryption method with the connecting client, user authentication takes place. The Ruckus implementation of SSH supports DSA or RSA challenge-response authentication and password authentication.

With DSA or RSA challenge-response authentication, a collection of clients’ public keys are stored on the Ruckus device. Clients are authenticated using these stored public keys. Only clients that have a private key that corresponds to one of the stored public keys can gain access to the device using SSH.

With password authentication, users are prompted for a password when they attempt to log into the device (provided empty password logins are not allowed). If there is no user account that matches the user name and password supplied by the user, the user is not granted access.

You can deactivate one or both user authentication methods for SSH. Note that deactivating both authentication methods essentially disables the SSH server entirely.

To disable DSA or RSA challenge-response authentication, enter the following command.

device(config)#ip ssh key-authentication no

Syntax: ip ssh key--authentication { yes | no }

The default is yes .

To deactivate password authentication, enter the following command.

device(config)#ip ssh password-authentication no

Syntax: ip ssh password--authentication { no | yes }

The default is yes .