Cisco SG-350: SSH pubkey auth

Warning! This article is more than one year old. The content may no longer be up to date!

I wanted to activate ssh public key authentication on my Cisco SG-350 10 Port managed switch. And it was a pain in the ass because of the slightly different CLI syntax.

First of all, enable SSH. This requires a configured and working IP address on the switch:

SwitchR#conf t
SwitchR(config)#ip ssh server
SwitchR(config)#ip ssh pubkey-auth auto-login

SSH pubkey authentication is now enabled. Now you have to add an SSH key to your user. This requires an already configured user with the desired privilege level:

SwitchR(config)#crypto key pubkey-chain ssh
SwitchR(config-pubkey-chain)#user-key veloc1ty rsa
SwitchR(config-pubkey-key)#key-string

Enter key-string and hit enter. The CLI now expects an SSH public key to be pasted in. Remove ssh-rsa from the beginning of your key and strip away the key comment at the end if you have one.

This is repeated just to show it ---> SwitchR(config-pubkey-key)#key-string
AAAAB3NzaC1yc2EAAAADAQABAAACAQDa8y4yq6qkNGT2qiPkzyjRWMqOuOP7h8/P6V/AYjgYwJWM06Cm5nnqgtMA2SCiSpPZNOp5sVE+85k5NmdfuASJHVvBiUrlMOvjQVojA0QJc+I23WGmGRQp2eGYgDRia+N4itwuEExIUmZtUqwvIfhCeZJycIo4VjzwdTxg4pMtrx+sC3N1+vN3N9so0gYWW3X7p6GMU4UeBSwCqmVV1cHJKbxbXbaw8JUc4P/MIys1orhj0ePgi2mSSfA2rlMEHbGD4tpZeUcxfEkd9QKf6OC2/z80V501qKTT1eFVwVKwZlqzpS0Vi5o72X8329BHyRYKlbJvKzIOEdHMeVs9eB6HKP/580lJjhCc2ZkqnV/PZuiJ89a4oBeAkahyFZdHPVHqcec8KSBh80XwAjNHEhzw5i2r82Cr1ytEDCrhDJwTGCZZS35JX0AS3Bv73R0m4q82h/rLc/e2W7w6lgEyBu6KcQqF5xNzxDdHa8KCrjo8GNqQQg5KFltK4w+tb7KSIuC8SFXpXyOiHosTynmdsTM3M1NQXJgQ7yjOxpw0EnuozdUfxB2thkuTpCwiOMIeolD3TFY3wP2Zum9pAXH+8ak8UNkB3EEFvwBsJUFJgaRaalcHfB2aRp0f9o41IoX2R02xqbv6Go2dOBIl5pp9T5JEqz7VgIc+bxInqeiYbwhemQ==

When the switch prints out the fingerprint it’s done. You can now ssh into your switch with your public key.
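
The key-string step and the fingerprint check above, as an added example (not part of the original post and not Cisco code): a Python helper that strips the key type and comment from an OpenSSH public key line and computes the key's fingerprints locally, so they can be compared with what the switch prints. The sample key is constructed, and since the post does not say which fingerprint format the switch shows, the helper returns both the MD5 and the SHA256 form as an assumption.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Encode bytes as an SSH wire-format string (4-byte length + data)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample, not a usable key: a well-formed ssh-rsa blob with dummy numbers.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(1, 33))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@workstation"


def key_string_for_switch(pubkey_line):
    """Return (key_type, blob_b64, md5_fp, sha256_fp) for one OpenSSH public key line."""
    fields = pubkey_line.split()
    # Every SSH key blob starts with "AAAA" in base64 (a 4-byte length with zero
    # high bytes). The field before it is the key type; anything after is comment.
    idx = next((i for i, f in enumerate(fields) if i > 0 and f.startswith("AAAA")), None)
    if idx is None:
        raise ValueError("no base64 key blob found")
    key_type, blob_b64 = fields[idx - 1], fields[idx]
    blob = base64.b64decode(blob_b64, validate=True)  # raises ValueError if damaged
    # The blob repeats the key type as its first string; a mismatch means the
    # line was truncated or hand-edited and should not be pasted.
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside blob does not match " + key_type)
    md5_hex = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    sha256_fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return key_type, blob_b64, md5_fp, sha256_fp


if __name__ == "__main__":
    key_type, blob_b64, md5_fp, sha256_fp = key_string_for_switch(SAMPLE_LINE)
    print("user-key type :", key_type)
    print("key-string    :", blob_b64)
    print("MD5 print     :", md5_fp)
    print("SHA256 print  :", sha256_fp)
```

Pass the contents of your own .pub file instead of SAMPLE_LINE; a fingerprint that differs from the one the switch prints means the paste was truncated or altered.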

:-$ ssh 10.20.10.2




SwitchR#show users

   Username       Protocol          Location
--------------- ------------ -----------------------
   veloc1ty         SSH            10.20.10.21

Apply access lists as desired now on your interface.

Reference: Command Reference PDF page 1221 found here: https://www.cisco.com/c/en/us/support/switches/sg350-10-10-port-gigabit-managed-switch/model.html#CommandReferences

