Difference between revisions of "Cisco IOS: configure public RSA key authentication"
Jump to navigation
Jump to search
Tags: Mobile web edit, Mobile edit |
|||
(15 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | == Configure public RSA key authentication == | |
− | Main | + | Main [[Cisco IOS]] command: <code>[[ip ssh pubkey-chain]]</code><ref>https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-v2.html</ref> |
Configuration Example in Linux: | Configuration Example in Linux: | ||
Line 6: | Line 6: | ||
1. Generate your key if you do not have already one: <code>ssh-keygen</code> | 1. Generate your key if you do not have already one: <code>ssh-keygen</code> | ||
− | 2. Split your key in 72 characters lines: <code>fold -b -w 72 ~/.ssh/id_rsa.pub</code> and copy output removing ssh-rsa and last part: username@hostname | + | 2. Split your key in 72 characters lines: <code>[[fold]] -b -w 72 ~/.ssh/id_rsa.pub</code> and copy output removing ssh-rsa and last part: username@hostname |
3. Configure switch/router | 3. Configure switch/router | ||
Line 28: | Line 28: | ||
View config: | View config: | ||
* <code>[[show ip ssh]]</code> | * <code>[[show ip ssh]]</code> | ||
+ | * <code>[[show running-config]]</code> | ||
+ | .../... | ||
+ | ip ssh pubkey-chain | ||
+ | username USERNAME1 | ||
+ | key-hash ssh-rsa 767FA62B914XX0094A293CE7E50C7E35 | ||
+ | username USERNAME2 | ||
+ | [[key-hash]] ssh-rsa C718DBA2DC9XX08C3BF35331E2E8EAt6 | ||
+ | .../... | ||
Posible errors: | Posible errors: | ||
<code>%SSH: Failed to decode the Key Value</code>. Make sure you split your key on multiple lines with <code>[[fold]]</code> command | <code>%SSH: Failed to decode the Key Value</code>. Make sure you split your key on multiple lines with <code>[[fold]]</code> command | ||
+ | |||
+ | |||
+ | == Remove user from ssh authentication == | ||
+ | Router_name_1#configure terminal | ||
+ | Router_name_1(config)#ip ssh pubkey-chain | ||
+ | Router_name_1(conf-ssh-pubkey)#no username YOUR_USERNAME | ||
== Related Activities == | == Related Activities == | ||
− | * [[ | + | * [[Associate a user with default higher privileges]] using <code>[[username]]</code> command |
+ | * Understand <code>[[login local]]</code> configuration command and implication on remote ssh access | ||
== See also == | == See also == | ||
* [[Digital Media Concepts/RSA (cryptosystem)]] | * [[Digital Media Concepts/RSA (cryptosystem)]] | ||
− | |||
− | |||
* <code>[[ssh-keygen]]</code> | * <code>[[ssh-keygen]]</code> | ||
+ | * {{IOS ssh}} | ||
[[Category: Cisco]] | [[Category: Cisco]] |
Latest revision as of 11:13, 14 April 2021
Contents
Configure public RSA key authentication[edit]
Main Cisco IOS command: ip ssh pubkey-chain
[1]
Configuration Example in Linux:
1. Generate your key if you do not have already one: ssh-keygen
2. Split your key in 72 characters lines: fold -b -w 72 ~/.ssh/id_rsa.pub
and copy output removing ssh-rsa and last part: username@hostname
3. Configure switch/router
Router_name_1#configure terminal Router_name_1(config)#ip ssh pubkey-chain Router_name_1(conf-ssh-pubkey)#username YOUR_USERNAME Router_name_1(conf-ssh-pubkey-user)#key-string Router_name_1(conf-ssh-pubkey-data)#AAAAB6NzaC1yc2EAAAABJQAAAQEAijoMF9oBwyQxwYbVlFprz+fG8oe5uAcCxwMw Router_name_1(conf-ssh-pubkey-data)#eIR1lyAnDJIsYbTbcdm+n5KiQnCt2561MpN4yOFpajFNM/dqH7/jYaqaicHCSV2F Router_name_1(conf-ssh-pubkey-data)#RGauEp7FzN/uXxsX7mii6qOuxovl9OflLpXcvH5QH6551ycmL8nIv8UCY8uayiGI Router_name_1(conf-ssh-pubkey-data)#INsC0LyKEctWDW6qWp43T7rhcP0y4JoMraTCZLIPNE0Bo0bHgnGLg6fEvJmyB3sX Router_name_1(conf-ssh-pubkey-data)#H+7BaxHdYKg2OcIgVqYzclWhDwxj32kqd1BCq089iBMrb4QppDU2eM/t22iK29mn Router_name_1(conf-ssh-pubkey-data)#eqOGTiCkxB80ix+KULT9okmqkj3TbhCpunTfuPCCRNrjqndBsw== Router_name_1(conf-ssh-pubkey-data)#exit Router_name_1(conf-ssh-pubkey-user)#exit Router_name_1(conf-ssh-pubkey)#exit Router_name_1(config)#
View config:
.../... ip ssh pubkey-chain username USERNAME1 key-hash ssh-rsa 767FA62B914XX0094A293CE7E50C7E35 username USERNAME2 key-hash ssh-rsa C718DBA2DC9XX08C3BF35331E2E8EAt6 .../...
Posible errors:
%SSH: Failed to decode the Key Value
. Make sure you split your key on multiple lines with fold
command
Remove user from ssh authentication[edit]
Router_name_1#configure terminal Router_name_1(config)#ip ssh pubkey-chain Router_name_1(conf-ssh-pubkey)#no username YOUR_USERNAME
Related Activities[edit]
- Associate a user with default higher privileges using
username
command - Understand
login local
configuration command and implication on remote ssh access
See also[edit]
- Digital Media Concepts/RSA (cryptosystem)
ssh-keygen
show ssh
,show ip ssh
, Cisco IOS/Configure public RSA key authentication,transport input ssh
,ip ssh pubkey-chain
,crypto key generate rsa
,show crypto key mypubkey rsa
,crypto key zeroize rsa
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.
Source: https://en.wikiversity.org/wiki/Cisco_IOS/Configure_public_RSA_key_authentication
Advertising: