Remember, I'm not talking about servers, I'm trying to SCP files from switches, so they don't have as sophisticated a key-handling scheme. They want to have a single DSA key pair. Using the same key pair on every switch creates a new security risk, plus it is sort of a pain to set up. Using different keys for each switch would be a major pain to set up.
But it goes beyond that. Since SSH is already enabled on each switch, the OS won't let you run the keygen command on the switch. I.e. it won't create or load the keys until SSH is disabled. We use SSH to get to the switches. Catch-22.
Hence, I need to use password-based authentication (for now).