Tuesday, 26 August 2014

Cisco 300 Switch: SSH Public Key Authentication

Generate SSH Keys


The following was completed on Ubuntu desktop.
  • Open 'Passwords and Keys'
  • Click add then 'Secure Shell Key'
  • Press 'Continue'
  • Give your key a description
  • Then click 'Just Create Key'

 
You will be prompted for a 'passphrase'. You can leave it blank if you want, though a blank passphrase leaves the private key file unencrypted on disk.

You can also do this quickly from the terminal with the following commands:




Configure Switch


Enter the following commands:

 

Additionally, create an account with the 'username' command in global configuration mode.

Now set up the RSA key:

 

After entering 'key-string', press Enter and paste in the SSH public key that you generated earlier. Press Enter twice when you've copied the key over, and it should show a 'Fingerprint' ID.

I had a problem with the number of retries allowed when logging in this way (as I created an SSH key for each device, instead of just using one for all of the devices). I cleared this up by removing some RSA keys that I no longer use. You can increase the number of SSH retries, but on the 300 switches the command does not appear.

If you do get a problem logging in via SSH, try this:

  • ssh -o PubkeyAuthentication=no username@hostname.com
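The retry problem described above arises because the SSH client offers each key it holds in turn, and every offer counts as an authentication attempt on the switch. As an added example (not from the original post), the functions below keep one key per device and pin it in the client config with IdentitiesOnly so that only that key is offered. The host names, addresses, user names and paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Device names, addresses, user
# names and paths passed to these functions are constructed placeholders.

# Create a dedicated RSA key pair for one device unless it already exists.
# ssh-keygen prompts for the passphrase; key size is left at the local default
# (assumption: the switch accepts it).
make_device_key() {
    keyfile=$1
    comment=$2
    if [ -f "$keyfile" ]; then
        return 0
    fi
    mkdir -p "$(dirname "$keyfile")"
    chmod 700 "$(dirname "$keyfile")"
    ssh-keygen -t rsa -C "$comment" -f "$keyfile"
}

# Print an ssh_config stanza that pins one key to one device.
# IdentitiesOnly stops the client from also offering agent/default keys,
# each of which would use up one of the server's authentication attempts.
device_stanza() {
    printf 'Host %s\n' "$1"
    printf '    HostName %s\n' "$2"
    printf '    User %s\n' "$3"
    printf '    IdentityFile %s\n' "$4"
    printf '    IdentitiesOnly yes\n'
}

# Append the stanza to a config file once; a second call is a no-op.
add_device_stanza() {
    cfg=$1
    name=$2
    if grep -Fqx "Host $name" "$cfg" 2>/dev/null; then
        return 0
    fi
    mkdir -p "$(dirname "$cfg")"
    device_stanza "$name" "$3" "$4" "$5" >> "$cfg"
    chmod 600 "$cfg"
}

# Typical use, with placeholder values:
#   make_device_key "$HOME/.ssh/sw1_rsa" "admin@sw1"
#   add_device_stanza "$HOME/.ssh/config" sw1 192.0.2.10 admin "$HOME/.ssh/sw1_rsa"
#   ssh sw1
```

The public half of each key (the `.pub` file) is what gets pasted after 'key-string' on the switch.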


Sources;


http://superuser.com/questions/187779/too-many-authentication-failures-for-username
http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/
http://blog.campodoro.org/?p=2243

