Cisco SG-350: SSH pubkey key auth
Thursday, December 6 2018 · Tags: ciscosg350
I wanted to activate ssh public key authentication on my Cisco SG-350 10 Port managed switch. And it was a pain in the ass because of the slightly different CLI syntax.
First of all enable ssh. This requires a configured and working IP address on the switch:
SwitchR#conf t
SwitchR(config)#ip ssh server
SwitchR(config)#ip ssh pubkey-auth auto-login
SSH pubkey authentication is now enabled. Now you have to add an ssh key to your user. This requires an already configured user with the desired privilege level:
SwitchR(config)#crypto key pubkey-chain ssh
SwitchR(config-pubkey-chain)#user-key veloc1ty rsa
SwitchR(config-pubkey-key)#key-string
Enter key-string and hit enter. The CLI now expects an SSH public key to be pasted in. Remove ssh-rsa at the beginning of your key and strip away the key comment at the end if you have one.
This is repeated just to show it ---> SwitchR(config-pubkey-key)#key-string
AAAAB3NzaC1yc2EAAAADAQABAAACAQDa8y4yq6qkNGT2qiPkzyjRWMqOuOP7h8/P6V/AYjgYwJWM06Cm5nnqgtMA2SCiSpPZNOp5sVE+85k5NmdfuASJHVvBiUrlMOvjQVojA0QJc+I23WGmGRQp2eGYgDRia+N4itwuEExIUmZtUqwvIfhCeZJycIo4VjzwdTxg4pMtrx+sC3N1+vN3N9so0gYWW3X7p6GMU4UeBSwCqmVV1cHJKbxbXbaw8JUc4P/MIys1orhj0ePgi2mSSfA2rlMEHbGD4tpZeUcxfEkd9QKf6OC2/z80V501qKTT1eFVwVKwZlqzpS0Vi5o72X8329BHyRYKlbJvKzIOEdHMeVs9eB6HKP/580lJjhCc2ZkqnV/PZuiJ89a4oBeAkahyFZdHPVHqcec8KSBh80XwAjNHEhzw5i2r82Cr1ytEDCrhDJwTGCZZS35JX0AS3Bv73R0m4q82h/rLc/e2W7w6lgEyBu6KcQqF5xNzxDdHa8KCrjo8GNqQQg5KFltK4w+tb7KSIuC8SFXpXyOiHosTynmdsTM3M1NQXJgQ7yjOxpw0EnuozdUfxB2thkuTpCwiOMIeolD3TFY3wP2Zum9pAXH+8ak8UNkB3EEFvwBsJUFJgaRaalcHfB2aRp0f9o41IoX2R02xqbv6Go2dOBIl5pp9T5JEqz7VgIc+bxInqeiYbwhemQ==
When the switch prints out the fingerprint, it's done. You can now ssh into your switch using public key authentication.
:-$ ssh 10.20.10.2
SwitchR#show users
Username Protocol Location
--------------- ------------ -----------------------
veloc1ty SSH 10.20.10.21
Apply access lists as desired now on your interface.
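The key-string step above only accepts the bare base64 body of the key, so a truncated or mangled paste is easy to miss. The following added example (not part of the original post) extracts that body from an OpenSSH .pub line, checks that it is a complete RSA key, and computes the MD5 and SHA256 fingerprints to compare with the one the switch prints. The function names and the sample key are constructed for illustration, and the post does not say which fingerprint format the switch shows, so both are computed.

```python
import base64
import hashlib
import struct

def _read_field(buf, off):
    """Read one length-prefixed field of the SSH key blob (RFC 4253)."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def switch_key_string(pub_line):
    """Return (body to paste after key-string, MD5 fingerprint, SHA256 fingerprint)."""
    fields = pub_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected an 'ssh-rsa AAAA... [comment]' line")
    body = fields[1]  # drops the ssh-rsa prefix and the trailing comment
    blob = base64.b64decode(body, validate=True)
    # The blob names its own algorithm; it must agree with the prefix.
    algo, off = _read_field(blob, 0)
    if algo != b"ssh-rsa":
        raise ValueError("key blob is not ssh-rsa")
    _, off = _read_field(blob, off)  # public exponent e
    _, off = _read_field(blob, off)  # modulus n
    if off != len(blob):
        raise ValueError("unexpected bytes after the modulus")
    md5 = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return body, md5_fp, "SHA256:" + sha.rstrip("=")

def pack(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample, not a real key: e = 65537 and a made-up 2048-bit modulus.
SAMPLE_BLOB = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(b"\x00" + b"\xc3" * 256)
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " veloc1ty@workstation"

if __name__ == "__main__":
    body, md5_fp, sha_fp = switch_key_string(SAMPLE_PUB)
    print(body)    # paste this after key-string
    print(md5_fp)  # compare with the fingerprint the switch prints
    print(sha_fp)
```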
Reference: Command Reference PDF page 1221 found here: https://www.cisco.com/c/en/us/support/switches/sg350-10-10-port-gigabit-managed-switch/model.html#CommandReferences