Difference between revisions of "Cisco IOS: Configure public RSA key authentication"

From wikieduonline
Jump to navigation Jump to search
(Created page with " Main Command: <code>ip ssh pubkey-chain</code><ref>https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-v2....")
 
Tags: Mobile web edit, Mobile edit
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
  
Main Command: <code>ip ssh pubkey-chain</code><ref>https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-v2.html</ref>
+
Main Command: <code>[[ip ssh]] pubkey-chain</code><ref>https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-v2.html</ref>
  
 
Configuration Example in Linux:
 
Configuration Example in Linux:
Line 6: Line 6:
 
1. Generate your key if you do not have already one: <code>ssh-keygen</code>
 
1. Generate your key if you do not have already one: <code>ssh-keygen</code>
  
2. Split your key in 72 characters lines: <code>fold -b -w 72 ~/.ssh/id_rsa.pub</code> and copy output removing ssh-rsa and last part: username@hostname
+
2. Split your key in 72 characters lines: <code>[[fold]] -b -w 72 ~/.ssh/id_rsa.pub</code> and copy output removing ssh-rsa and last part: username@hostname
  
 
3. Configure switch/router
 
3. Configure switch/router
<pre>
+
 
Router_name_1#configure terminal
+
Router_name_1#configure terminal
Router_name_1(config)#ip ssh pubkey-chain  
+
Router_name_1(config)#ip ssh pubkey-chain  
Router_name_1(conf-ssh-pubkey)#username YOUR_USERNAME
+
Router_name_1(conf-ssh-pubkey)#[[username]] YOUR_USERNAME
Router_name_1(conf-ssh-pubkey-user)#key-string
+
Router_name_1(conf-ssh-pubkey-user)#key-string
Router_name_1(conf-ssh-pubkey-data)#AAAAB6NzaC1yc2EAAAABJQAAAQEAijoMF9oBwyQxwYbVlFprz+fG8oe5uAcCxwMw       
+
Router_name_1(conf-ssh-pubkey-data)#AAAAB6NzaC1yc2EAAAABJQAAAQEAijoMF9oBwyQxwYbVlFprz+fG8oe5uAcCxwMw       
Router_name_1(conf-ssh-pubkey-data)#eIR1lyAnDJIsYbTbcdm+n5KiQnCt2561MpN4yOFpajFNM/dqH7/jYaqaicHCSV2F       
+
Router_name_1(conf-ssh-pubkey-data)#eIR1lyAnDJIsYbTbcdm+n5KiQnCt2561MpN4yOFpajFNM/dqH7/jYaqaicHCSV2F       
Router_name_1(conf-ssh-pubkey-data)#RGauEp7FzN/uXxsX7mii6qOuxovl9OflLpXcvH5QH6551ycmL8nIv8UCY8uayiGI         
+
Router_name_1(conf-ssh-pubkey-data)#RGauEp7FzN/uXxsX7mii6qOuxovl9OflLpXcvH5QH6551ycmL8nIv8UCY8uayiGI         
Router_name_1(conf-ssh-pubkey-data)#INsC0LyKEctWDW6qWp43T7rhcP0y4JoMraTCZLIPNE0Bo0bHgnGLg6fEvJmyB3sX       
+
Router_name_1(conf-ssh-pubkey-data)#INsC0LyKEctWDW6qWp43T7rhcP0y4JoMraTCZLIPNE0Bo0bHgnGLg6fEvJmyB3sX       
Router_name_1(conf-ssh-pubkey-data)#H+7BaxHdYKg2OcIgVqYzclWhDwxj32kqd1BCq089iBMrb4QppDU2eM/t22iK29mn       
+
Router_name_1(conf-ssh-pubkey-data)#H+7BaxHdYKg2OcIgVqYzclWhDwxj32kqd1BCq089iBMrb4QppDU2eM/t22iK29mn       
Router_name_1(conf-ssh-pubkey-data)#eqOGTiCkxB80ix+KULT9okmqkj3TbhCpunTfuPCCRNrjqndBsw==
+
Router_name_1(conf-ssh-pubkey-data)#eqOGTiCkxB80ix+KULT9okmqkj3TbhCpunTfuPCCRNrjqndBsw==
Router_name_1(conf-ssh-pubkey-data)#exit
+
Router_name_1(conf-ssh-pubkey-data)#exit
Router_name_1(conf-ssh-pubkey-user)#exit
+
Router_name_1(conf-ssh-pubkey-user)#exit
Router_name_1(conf-ssh-pubkey)#exit
+
Router_name_1(conf-ssh-pubkey)#exit
Router_name_1(config)#
+
Router_name_1(config)#
</pre>
 
  
 
View config:  
 
View config:  
Line 33: Line 32:
  
 
== Related Activities ==
 
== Related Activities ==
* [[Cisco IOS/Associate a user with default higher privileges]] using <code>username</code> command
+
* [[Cisco IOS: Associate a user with default higher privileges]] using <code>username</code> command
 +
* <code>[[transport input ssh]]</code>
 +
* <code>[[ip ssh]]</code>
  
 
== See also ==
 
== See also ==
* [[Digital Media Concepts/RSA (cryptosystem)]]
+
* [[Configure OpenSSH to allow Public-key authentication]]
* [[OpenSSH/Configure OpenSSH to allow Public-key authentication]]
 
* CompTIA [[IT Security/Access Control/Authentication and Authorization]]
 
 
* <code>ssh-keygen</code>
 
* <code>ssh-keygen</code>
 +
* {{IOS ssh}}
 +
* {{IOS}}
  
 
[[Category: Cisco]]
 
[[Category: Cisco]]

Latest revision as of 07:58, 14 April 2021

Main Command: ip ssh pubkey-chain[1]

Configuration Example in Linux:

1. Generate your key if you do not have already one: ssh-keygen

2. Split your key in 72 characters lines: fold -b -w 72 ~/.ssh/id_rsa.pub and copy output removing ssh-rsa and last part: username@hostname

3. Configure switch/router

Router_name_1#configure terminal
Router_name_1(config)#ip ssh pubkey-chain 
Router_name_1(conf-ssh-pubkey)#username YOUR_USERNAME
Router_name_1(conf-ssh-pubkey-user)#key-string
Router_name_1(conf-ssh-pubkey-data)#AAAAB6NzaC1yc2EAAAABJQAAAQEAijoMF9oBwyQxwYbVlFprz+fG8oe5uAcCxwMw       
Router_name_1(conf-ssh-pubkey-data)#eIR1lyAnDJIsYbTbcdm+n5KiQnCt2561MpN4yOFpajFNM/dqH7/jYaqaicHCSV2F       
Router_name_1(conf-ssh-pubkey-data)#RGauEp7FzN/uXxsX7mii6qOuxovl9OflLpXcvH5QH6551ycmL8nIv8UCY8uayiGI        
Router_name_1(conf-ssh-pubkey-data)#INsC0LyKEctWDW6qWp43T7rhcP0y4JoMraTCZLIPNE0Bo0bHgnGLg6fEvJmyB3sX       
Router_name_1(conf-ssh-pubkey-data)#H+7BaxHdYKg2OcIgVqYzclWhDwxj32kqd1BCq089iBMrb4QppDU2eM/t22iK29mn      
Router_name_1(conf-ssh-pubkey-data)#eqOGTiCkxB80ix+KULT9okmqkj3TbhCpunTfuPCCRNrjqndBsw==
Router_name_1(conf-ssh-pubkey-data)#exit
Router_name_1(conf-ssh-pubkey-user)#exit
Router_name_1(conf-ssh-pubkey)#exit
Router_name_1(config)#

View config:

Posible errors: %SSH: Failed to decode the Key Value. Make sure you split your key on multiple lines with fold command

Related Activities[edit]

See also[edit]


Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Source: https://en.wikiversity.org/wiki/Cisco_IOS/Configure_public_RSA_key_authentication

Advertising: