Difference between revisions of "Cisco IOS: Configure public RSA key authentication"
(Created page with " Main Command: <code>ip ssh pubkey-chain</code><ref>https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-v2....") |
Tags: Mobile web edit, Mobile edit |
||
(14 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Main Command: <code>ip ssh pubkey-chain</code><ref>https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-v2.html</ref> | + | Main Command: <code>[[ip ssh]] pubkey-chain</code><ref>https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-v2.html</ref> |
Configuration Example in Linux: | Configuration Example in Linux: | ||
Line 6: | Line 6: | ||
1. Generate your key if you do not have already one: <code>ssh-keygen</code> | 1. Generate your key if you do not have already one: <code>ssh-keygen</code> | ||
− | 2. Split your key in 72 characters lines: <code>fold -b -w 72 ~/.ssh/id_rsa.pub</code> and copy output removing ssh-rsa and last part: username@hostname | + | 2. Split your key in 72 characters lines: <code>[[fold]] -b -w 72 ~/.ssh/id_rsa.pub</code> and copy output removing ssh-rsa and last part: username@hostname |
3. Configure switch/router | 3. Configure switch/router | ||
− | + | ||
− | Router_name_1#configure terminal | + | Router_name_1#configure terminal |
− | Router_name_1(config)#ip ssh pubkey-chain | + | Router_name_1(config)#ip ssh pubkey-chain |
− | Router_name_1(conf-ssh-pubkey)#username YOUR_USERNAME | + | Router_name_1(conf-ssh-pubkey)#[[username]] YOUR_USERNAME |
− | Router_name_1(conf-ssh-pubkey-user)#key-string | + | Router_name_1(conf-ssh-pubkey-user)#key-string |
− | Router_name_1(conf-ssh-pubkey-data)#AAAAB6NzaC1yc2EAAAABJQAAAQEAijoMF9oBwyQxwYbVlFprz+fG8oe5uAcCxwMw | + | Router_name_1(conf-ssh-pubkey-data)#AAAAB6NzaC1yc2EAAAABJQAAAQEAijoMF9oBwyQxwYbVlFprz+fG8oe5uAcCxwMw |
− | Router_name_1(conf-ssh-pubkey-data)#eIR1lyAnDJIsYbTbcdm+n5KiQnCt2561MpN4yOFpajFNM/dqH7/jYaqaicHCSV2F | + | Router_name_1(conf-ssh-pubkey-data)#eIR1lyAnDJIsYbTbcdm+n5KiQnCt2561MpN4yOFpajFNM/dqH7/jYaqaicHCSV2F |
− | Router_name_1(conf-ssh-pubkey-data)#RGauEp7FzN/uXxsX7mii6qOuxovl9OflLpXcvH5QH6551ycmL8nIv8UCY8uayiGI | + | Router_name_1(conf-ssh-pubkey-data)#RGauEp7FzN/uXxsX7mii6qOuxovl9OflLpXcvH5QH6551ycmL8nIv8UCY8uayiGI |
− | Router_name_1(conf-ssh-pubkey-data)#INsC0LyKEctWDW6qWp43T7rhcP0y4JoMraTCZLIPNE0Bo0bHgnGLg6fEvJmyB3sX | + | Router_name_1(conf-ssh-pubkey-data)#INsC0LyKEctWDW6qWp43T7rhcP0y4JoMraTCZLIPNE0Bo0bHgnGLg6fEvJmyB3sX |
− | Router_name_1(conf-ssh-pubkey-data)#H+7BaxHdYKg2OcIgVqYzclWhDwxj32kqd1BCq089iBMrb4QppDU2eM/t22iK29mn | + | Router_name_1(conf-ssh-pubkey-data)#H+7BaxHdYKg2OcIgVqYzclWhDwxj32kqd1BCq089iBMrb4QppDU2eM/t22iK29mn |
− | Router_name_1(conf-ssh-pubkey-data)#eqOGTiCkxB80ix+KULT9okmqkj3TbhCpunTfuPCCRNrjqndBsw== | + | Router_name_1(conf-ssh-pubkey-data)#eqOGTiCkxB80ix+KULT9okmqkj3TbhCpunTfuPCCRNrjqndBsw== |
− | Router_name_1(conf-ssh-pubkey-data)#exit | + | Router_name_1(conf-ssh-pubkey-data)#exit |
− | Router_name_1(conf-ssh-pubkey-user)#exit | + | Router_name_1(conf-ssh-pubkey-user)#exit |
− | Router_name_1(conf-ssh-pubkey)#exit | + | Router_name_1(conf-ssh-pubkey)#exit |
− | Router_name_1(config)# | + | Router_name_1(config)# |
− | |||
View config: | View config: | ||
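Review bot: step 2 in this hunk still tells the reader to fold the key at 72 characters, but every full key-string line in the step 3 session is 64 characters wide, so the sample is not the output of the command it documents. Regenerate the sample with "fold -b -w 72" or change the width in step 2 so the two agree. The sample also begins "AAAAB6NzaC1yc2E", whereas the base64 of an ssh-rsa key begins "AAAAB3NzaC1yc2E"; if the value was altered on purpose, say so next to the example, since a reader comparing it with their own key will see a mismatch. Step 2 would also be clearer if "removing ssh-rsa and last part" were expressed as a command that selects only the second field of the key file.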
Line 33: | Line 32: | ||
== Related Activities == | == Related Activities == | ||
− | * [[Cisco IOS | + | * [[Cisco IOS: Associate a user with default higher privileges]] using <code>username</code> command |
+ | * <code>[[transport input ssh]]</code> | ||
+ | * <code>[[ip ssh]]</code> | ||
== See also == | == See also == | ||
− | * [[ | + | * [[Configure OpenSSH to allow Public-key authentication]] |
− | |||
− | |||
* <code>ssh-keygen</code> | * <code>ssh-keygen</code> | ||
+ | * {{IOS ssh}} | ||
+ | * {{IOS}} | ||
[[Category: Cisco]] | [[Category: Cisco]] |
Latest revision as of 07:58, 14 April 2021
Main Command: ip ssh pubkey-chain [1]
Configuration Example in Linux:
1. Generate your key if you do not already have one: ssh-keygen
2. Split your key into 72-character lines: fold -b -w 72 ~/.ssh/id_rsa.pub and copy the output, removing ssh-rsa and the last part: username@hostname
3. Configure the switch/router
 Router_name_1#configure terminal
 Router_name_1(config)#ip ssh pubkey-chain
 Router_name_1(conf-ssh-pubkey)#username YOUR_USERNAME
 Router_name_1(conf-ssh-pubkey-user)#key-string
 Router_name_1(conf-ssh-pubkey-data)#AAAAB6NzaC1yc2EAAAABJQAAAQEAijoMF9oBwyQxwYbVlFprz+fG8oe5uAcCxwMw
 Router_name_1(conf-ssh-pubkey-data)#eIR1lyAnDJIsYbTbcdm+n5KiQnCt2561MpN4yOFpajFNM/dqH7/jYaqaicHCSV2F
 Router_name_1(conf-ssh-pubkey-data)#RGauEp7FzN/uXxsX7mii6qOuxovl9OflLpXcvH5QH6551ycmL8nIv8UCY8uayiGI
 Router_name_1(conf-ssh-pubkey-data)#INsC0LyKEctWDW6qWp43T7rhcP0y4JoMraTCZLIPNE0Bo0bHgnGLg6fEvJmyB3sX
 Router_name_1(conf-ssh-pubkey-data)#H+7BaxHdYKg2OcIgVqYzclWhDwxj32kqd1BCq089iBMrb4QppDU2eM/t22iK29mn
 Router_name_1(conf-ssh-pubkey-data)#eqOGTiCkxB80ix+KULT9okmqkj3TbhCpunTfuPCCRNrjqndBsw==
 Router_name_1(conf-ssh-pubkey-data)#exit
 Router_name_1(conf-ssh-pubkey-user)#exit
 Router_name_1(conf-ssh-pubkey)#exit
 Router_name_1(config)#
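Steps 2 and 3 as one script, an added example that is not part of the original page: it takes the base64 field of an ssh-rsa public key line, checks it, folds it at 72 bytes and prints the commands from the session above without prompts. The function name ios_pubkey_block and the sample key are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): turn one OpenSSH public key
# line into the commands entered under "ip ssh pubkey-chain".

# ios_pubkey_block USERNAME PUBKEY_FILE  -> prints the IOS commands
ios_pubkey_block() {
    local user=$1 file=$2 type blob comment
    # Key file layout: <type> <base64 blob> [comment, e.g. username@hostname]
    read -r type blob comment < "$file" || true
    if [ "$type" != "ssh-rsa" ]; then
        echo "error: expected an ssh-rsa key, got '${type}'" >&2
        return 1
    fi
    # Every ssh-rsa blob starts with the base64 of the length-prefixed
    # string "ssh-rsa"; anything else was truncated or mis-copied.
    case $blob in
        AAAAB3NzaC1yc2E*) ;;
        *) echo "error: blob does not start like an ssh-rsa key" >&2; return 1 ;;
    esac
    case $blob in
        *[!A-Za-z0-9+/=]*) echo "error: non-base64 character in blob" >&2; return 1 ;;
    esac
    printf '%s\n' "ip ssh pubkey-chain" "username $user" "key-string"
    # Step 2 of the page: 72-byte lines, key type and comment already dropped.
    printf '%s\n' "$blob" | fold -b -w 72
    printf '%s\n' "exit" "exit" "exit"
}

# Constructed sample input: a correct ssh-rsa header followed by filler,
# 200 characters in total. It is not a usable key.
sample_blob="AAAAB3NzaC1yc2E$(printf '%185s' '' | tr ' ' 'A')"
sample_file=$(mktemp)
printf 'ssh-rsa %s username@hostname\n' "$sample_blob" > "$sample_file"

ios_pubkey_block YOUR_USERNAME "$sample_file"
```

Checking the header before pasting catches a mis-copied key on the workstation instead of on the device.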
View config:
Possible errors:
%SSH: Failed to decode the Key Value. Make sure you split your key across multiple lines with the fold command.
Related Activities
- Cisco IOS: Associate a user with default higher privileges using username command
- transport input ssh
- ip ssh
See also
- Configure OpenSSH to allow Public-key authentication
- ssh-keygen
- show ssh, show ip ssh, Cisco IOS/Configure public RSA key authentication, transport input ssh, ip ssh pubkey-chain, crypto key generate rsa, show crypto key mypubkey rsa, crypto key zeroize rsa
- Cisco IOS: Cisco IOS XE, Config (mode), VLANs, Cisco IOS logging, VTP, ACLs, show logging, show logging history, show interface status, debug, archive, show archive, conf t, int, ip http server, ip ssh, ip address, vty, show mac address-table, show access-list, Access-list, ip access-group, admin
Source: https://en.wikiversity.org/wiki/Cisco_IOS/Configure_public_RSA_key_authentication