First create yourself a rather small key:
ssh-keygen -t rsa -b 1024
It will ask you some questions; hopefully you've seen this dialog before. If you need help please feel free to comment or privately message me.
After the key has been created, copy the public string into your copy buffer.
> cat .ssh/nibz_cisco@shadow.cat.pdx.edu.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDMuKvC5ZVRuQw6YF5xnMZLopBVbQv5jxgHcR6BWfws3lTaqfSrKUlp3BulxA7P2snphcavf4TS+bNHFd9PKGRVpoQ8ERZtXn1+f008XUN3cxYMZXLB18ae7kfm8Sxk/bO4xWGaQAKc7jkIQY4OLIE0TsKTZGux241N6BNeLGmuLQ== nibz@shadow.cat.pdx.edu
Now add the key to cisco. This assumes the user has already been created properly. It also assumes you are running the following version of IOS:
* 1 52 WS-C3750G-48TS 15.0(2)SE C3750-IPBASEK9-M
I have tried this on a 15.0(1) and it didn't work.
Configuration commands:
fab6017a#conf t
Enter configuration commands, one per line. End with CNTL/Z.
fab6017a(config)#ip ssh pubkey
fab6017a(config)#ip ssh pubkey-chain
fab6017a(conf-ssh-pubkey)#username nibz
fab6017a(conf-ssh-pubkey-user)#key-string
fab6017a(conf-ssh-pubkey data)#$snphcavf4TS+bNHFd9PKGRVpoQ8ERZtXn1+f008XUN3cxYMZXLB18ae7kfm8Sxk/bO4xWGaQAKc7jkIQY4OLIE0TsKTZGux241N6BNeLGmuLQ== nibz@shadow.cat.pdx.edu
fab6017a(conf-ssh-pubkey-data)#exit
fab6017a(conf-ssh-pubkey-user)#end
Some notes on the above: Paste the whole public key once you get the (conf-ssh-pubkey-data) prompt. This includes the 'ssh-rsa' header and comment footer. Use the exit keyword on the (conf-ssh-pubkey-data) line; any other word will be sandwiched onto the end of the key. You can use this feature to split your key into multiple lines and input it that way. After this, Cisco will hash your key and the configuration will look like:
username nibz
 key-hash ssh-rsa 2F33A5AE2F505B42203276F9B2313138 nibz@shadow.cat.pdx.edu
This configuration can be put in other Cisco configs elsewhere in your infrastructure. Happy hacking. This was performed on a Cisco 3750G running IOS 15.0(2)SE.
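Before pasting a key, it helps to check that the public key line is intact, see how large the RSA modulus is, and precompute the value to compare against the key-hash line afterwards. The following is an added example, not part of the original post or of any Cisco tooling. It assumes the key-hash is the MD5 digest of the decoded key blob; the function names, the 72-character split width and the sample key are constructed for illustration.

```python
import base64, hashlib

def wire_field(data):  # one length-prefixed field of the SSH public key format
    return len(data).to_bytes(4, "big") + data

def read_fields(blob):
    """Split a decoded key blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        size = int.from_bytes(blob[off:off + 4], "big")
        off += 4
        if off + size > len(blob):   # also catches a short length prefix
            raise ValueError("truncated field")
        fields.append(blob[off:off + size])
        off += size
    return fields

def inspect_pubkey(line):
    """Return (key type, RSA modulus bits or None, MD5 of blob as upper hex)."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    fields = read_fields(blob)
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("header does not match the type inside the blob")
    is_rsa = parts[0] == "ssh-rsa" and len(fields) == 3  # type, exponent, modulus
    bits = int.from_bytes(fields[2], "big").bit_length() if is_rsa else None
    return parts[0], bits, hashlib.md5(blob).hexdigest().upper()

def ios_commands(username, line, width=72):
    """Session input as on the page, key split into lines of `width` chars."""
    parts = line.split(None, 2)
    body = parts[0] + " " + parts[1]
    chunks = [body[i:i + width] for i in range(0, len(body), width)]
    if len(parts) == 3:              # keep the comment whole on the last line
        chunks[-1] += " " + parts[2].strip()
    return (["conf t", "ip ssh pubkey-chain", f"username {username}", "key-string"]
            + chunks + ["exit", "end"])

def sample_line():
    """Constructed 1024-bit ssh-rsa line; the modulus is not a real RSA modulus."""
    n = (1 << 1023) | 1
    blob = (wire_field(b"ssh-rsa") + wire_field((65537).to_bytes(3, "big"))
            + wire_field(b"\x00" + n.to_bytes(128, "big")))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example.invalid"

if __name__ == "__main__":
    print(inspect_pubkey(sample_line()), *ios_commands("nibz", sample_line()), sep="\n")
```

Run it against your own .pub line instead of sample_line() and compare the third value with the key-hash in the running configuration; a mismatch means the pasted key was altered, for example by a stray word typed at the (conf-ssh-pubkey-data) prompt.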