Difference between revisions of "Cisco IOS: configure public RSA key authentication"
Jump to navigation
Jump to search
Tags: Mobile web edit, Mobile edit |
Tags: Mobile web edit, Mobile edit |
||
Line 48: | Line 48: | ||
== Related Activities == | == Related Activities == | ||
* [[Associate a user with default higher privileges]] using <code>[[username]]</code> command | * [[Associate a user with default higher privileges]] using <code>[[username]]</code> command | ||
− | * Understand <code>login local</code> configuration and implication on remote ssh access | + | * Understand <code>[[login local]]</code> configuration command and implication on remote ssh access |
== See also == | == See also == |
Latest revision as of 11:13, 14 April 2021
Contents
Configure public RSA key authentication[edit]
Main Cisco IOS command: ip ssh pubkey-chain
[1]
Configuration Example in Linux:
1. Generate your key if you do not have already one: ssh-keygen
2. Split your key in 72 characters lines: fold -b -w 72 ~/.ssh/id_rsa.pub
and copy output removing ssh-rsa and last part: username@hostname
3. Configure switch/router
Router_name_1#configure terminal Router_name_1(config)#ip ssh pubkey-chain Router_name_1(conf-ssh-pubkey)#username YOUR_USERNAME Router_name_1(conf-ssh-pubkey-user)#key-string Router_name_1(conf-ssh-pubkey-data)#AAAAB6NzaC1yc2EAAAABJQAAAQEAijoMF9oBwyQxwYbVlFprz+fG8oe5uAcCxwMw Router_name_1(conf-ssh-pubkey-data)#eIR1lyAnDJIsYbTbcdm+n5KiQnCt2561MpN4yOFpajFNM/dqH7/jYaqaicHCSV2F Router_name_1(conf-ssh-pubkey-data)#RGauEp7FzN/uXxsX7mii6qOuxovl9OflLpXcvH5QH6551ycmL8nIv8UCY8uayiGI Router_name_1(conf-ssh-pubkey-data)#INsC0LyKEctWDW6qWp43T7rhcP0y4JoMraTCZLIPNE0Bo0bHgnGLg6fEvJmyB3sX Router_name_1(conf-ssh-pubkey-data)#H+7BaxHdYKg2OcIgVqYzclWhDwxj32kqd1BCq089iBMrb4QppDU2eM/t22iK29mn Router_name_1(conf-ssh-pubkey-data)#eqOGTiCkxB80ix+KULT9okmqkj3TbhCpunTfuPCCRNrjqndBsw== Router_name_1(conf-ssh-pubkey-data)#exit Router_name_1(conf-ssh-pubkey-user)#exit Router_name_1(conf-ssh-pubkey)#exit Router_name_1(config)#
View config:
.../... ip ssh pubkey-chain username USERNAME1 key-hash ssh-rsa 767FA62B914XX0094A293CE7E50C7E35 username USERNAME2 key-hash ssh-rsa C718DBA2DC9XX08C3BF35331E2E8EAt6 .../...
Posible errors:
%SSH: Failed to decode the Key Value
. Make sure you split your key on multiple lines with fold
command
Remove user from ssh authentication[edit]
Router_name_1#configure terminal Router_name_1(config)#ip ssh pubkey-chain Router_name_1(conf-ssh-pubkey)#no username YOUR_USERNAME
Related Activities[edit]
- Associate a user with default higher privileges using
username
command - Understand
login local
configuration command and implication on remote ssh access
See also[edit]
- Digital Media Concepts/RSA (cryptosystem)
ssh-keygen
show ssh
,show ip ssh
, Cisco IOS/Configure public RSA key authentication,transport input ssh
,ip ssh pubkey-chain
,crypto key generate rsa
,show crypto key mypubkey rsa
,crypto key zeroize rsa
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.
Source: https://en.wikiversity.org/wiki/Cisco_IOS/Configure_public_RSA_key_authentication
Advertising: