SSH Public Key Authentication

Zyxel_Claudia Posts: 78  Zyxel Employee

With the latest firmware update (version 4.90), Zyxel has introduced SSH Public Key Authentication to enhance security for accessing managed switches. This feature allows administrators to authenticate using SSH keys instead of a password, which provides an added layer of protection, especially for sensitive network environments.

What is SSH Public Key Authentication?

SSH Public Key Authentication is a method of connecting to a switch securely using a cryptographic key pair:

  1. Public Key: Stored on the switch, this key verifies incoming connections.
  2. Private Key: Stored securely on the user’s device (e.g., a laptop) and used to initiate a secure connection.

Only devices with the correct private key can authenticate.

Benefits of SSH Public Key Authentication

Enhanced Security: Eliminates the need to store or transmit passwords, reducing the risk of unauthorized access.

Setting Up SSH Public Key Authentication on a Zyxel Switch

To enable SSH Public Key Authentication, follow these steps:

1. Generate the SSH Key Pair

On your local device (laptop), generate an SSH key pair using a terminal or a tool like PuTTY. This example uses Tera Term:

  • Generating Key Pair

Configure the key type and key bits, then click “Generate”.

  • Save the key pair in a secure folder on your device.
  • This will generate two files:
    • Public Key: (e.g., id_rsa.pub) — to be uploaded to the switch.
    • Private Key: (e.g., id_rsa) — stored on your device.

2. Upload the Public Key to the Switch

  1. On the switch, open Maintenance and go to the SSH Authorized Keys section.
  2. Select Import Public Key and upload the id_rsa.pub file (or your generated public key) to the switch.

3. Use the Private Key to Access the Switch

  1. On your laptop, open an SSH client (such as Tera Term).
  2. Configure the authentication method to use the private key (id_rsa).
  3. In a terminal, initiate the SSH connection using:
  4. Once configured, SSH will authenticate using the private key instead of prompting for a password.

Security and Compatibility Notes

  • Supported Key Types: Zyxel switches support RSA and ECDSA key types, with lengths up to 4096 bits.
  • Key Management: Ensure that private keys are stored securely on the local device, as they are critical for secure access.
  • Accessing Switch: Users will have the option to access the device using admin with the private key.

Summary

The SSH Public Key Authentication feature in firmware version 4.90 enables administrators to securely access Zyxel switches without needing a password, adding security and convenience. By supporting public key authentication, Zyxel provides a solution for secure network management, particularly valuable for users needing secure, repeated access to network devices.
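
A pre-upload check for step 2 and the Supported Key Types note, added here as an example and not part of the original post or Zyxel's tooling: it parses a public key file and confirms it is RSA or ECDSA within the 4096-bit limit, and refuses a private key file picked by mistake. It assumes the key was saved in the one-line OpenSSH format (`<type> <base64> [comment]`) and that key types the post does not list are not accepted; `check_public_key` is a name chosen for this example.

```python
import base64
import struct
import sys

MAX_RSA_BITS = 4096  # upper limit stated in the compatibility notes


def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4251 string or mpint)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_public_key(line):
    """Return (key_type, bits) if the key fits the stated limits, else raise."""
    line = line.strip()
    if "PRIVATE KEY" in line:
        raise ValueError("this is a private key; it must never leave your device")
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    inner, off = _read_field(blob, 0)
    if inner.decode("ascii", "replace") != declared:
        raise ValueError("declared type does not match the key blob")
    if declared == "ssh-rsa":
        _exponent, off = _read_field(blob, off)
        modulus, off = _read_field(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits > MAX_RSA_BITS:
            raise ValueError(f"RSA key is {bits} bits; limit is {MAX_RSA_BITS}")
        return declared, bits
    if declared.startswith("ecdsa-sha2-"):
        curve, off = _read_field(blob, off)
        return declared, int(curve.decode("ascii")[-3:])  # nistp256/384/521
    # Assumption: types the page does not list (e.g. ssh-ed25519) are rejected.
    raise ValueError(f"unsupported key type: {declared}")


if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], encoding="ascii") as fh:
        print(check_public_key(fh.read()))
```

Run it with the path to the public key file as the only argument before importing the key on the switch.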