Tuesday, 26 August 2014

Cisco 300 Switch: SSH Public Key Authentication

Generate SSH Keys

The following was completed on Ubuntu desktop.
  • Open 'Passwords and Keys'
  • Click add then 'Secure Shell Key'
  • Press 'Continue'
  • Give your key a description
  • Then click 'Just Create Key'

You will be prompted for a 'passphrase'. You can leave it blank if you want, but a blank passphrase leaves the private key unencrypted on disk.

You can also do this quickly from the terminal with the following commands:

Configure Switch

Enter the following commands:


Additionally, create an account with the 'username' command in global config.

Now set up the RSA key:


After entering 'key-string', press enter and paste in the SSH public key that you generated earlier. Press enter twice when you've copied the key over, and it should show a 'Fingerprint' id.

I had a problem with the number of retries allowed when logging in this way (as I created an SSH key for each device, instead of just using one for all of the devices). I cleared this up by removing some RSA keys that I no longer use. You can increase the number of SSH retries, but on the 300 switches the command does not appear.

If you do get a problem logging in via SSH, try this, which skips public key authentication for that one connection:

  • ssh -o PubkeyAuthentication=no username@hostname.com
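
One way to keep a key per device without running into the retry limit described above, as an added example that is not part of the original post: generate the key from the terminal, pin it to its device in the OpenSSH client config, and print its fingerprints for comparison with the 'Fingerprint' the switch shows. The function names, the `id_rsa_HOST` file naming and any host or user names passed in are assumptions. The post does not say which fingerprint form the switch displays, so both MD5 and SHA256 are printed.

```shell
#!/bin/sh
# Added example: one RSA key per device without tripping the switch's
# login retry limit. Host and user names passed in are placeholders.

# provision_key HOST USER [SSH_DIR]
# Creates SSH_DIR/id_rsa_HOST (+ .pub) and appends a Host stanza to
# SSH_DIR/config that pins that key to that device.
provision_key() {
    host=$1 user=$2 dir=${3:-$HOME/.ssh}
    key="$dir/id_rsa_$host"

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2
        return 1
    fi

    # -N '' gives a blank passphrase, as the post allows; drop -N to be
    # prompted for one instead.
    ssh-keygen -q -t rsa -b 2048 -N '' -C "$user@$host" -f "$key" || return 1

    # IdentitiesOnly stops the client from offering every other key it
    # knows about first; each offered key counts as a login attempt.
    cat >> "$dir/config" <<EOF

Host $host
    User $user
    IdentityFile $key
    IdentitiesOnly yes
EOF
    chmod 600 "$dir/config"
}

# key_fingerprints PUBKEY_FILE
# Prints the MD5 (colon-separated hex) and SHA256 fingerprints so they
# can be compared with the 'Fingerprint' the switch displays.
key_fingerprints() {
    ssh-keygen -l -E md5 -f "$1" && ssh-keygen -l -E sha256 -f "$1"
}

# Run as: sh script.sh HOST USER [SSH_DIR]
if [ "$#" -ge 2 ]; then
    provision_key "$@" && key_fingerprints "${3:-$HOME/.ssh}/id_rsa_$1.pub"
fi
```

The contents of the generated `.pub` file are what gets pasted after 'key-string' on the switch.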