Cisco SG300 / SG500 switch SSH Public key authentication

Argh! I wasn’t able to paste my public SSH key into the switch’s GUI (keeps on giving me a very annoying error:

Invalid key string.
When a Key is entered, it should contain the “BEGIN” and “END” markers.

So, let’s try the CLI. I presume you already know how to handle a Cisco from the terminal.

– Enable ssh-server on the switch

switchxxxxxx(config)# ip ssh server

– Enable public key authentication

switchxxxxxx(config)# ip ssh pubkey-auth auto-login

– Add a user:

switchxxxxxx(config)# username martijn password SecretPassword privilege 15

– Then, add user’s public key

switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key martijn rsa
switchxxxxxx(config-pubkey-key)# key-string

(paste your id_rsa.pub here)

– Check if the fingerprint is correct:

switchxxxxxx# show crypto key pubkey-chain ssh

Username Fingerprint
————– —————————————————————
martijn 35:ea:60:06:fc:d7:f7:d3:3b:d1:0f:10:63:f7:0b:02

Now try to ssh to your switch; no password should be asked.

5 thoughts on “Cisco SG300 / SG500 switch SSH Public key authentication

  1. Excellent instructions!

    In addition to doing this, (and completely optional) I also enabled password authentication just in case I needed to log in from a different location and I did not have my SSH key available.

    switch# conf t
    switch# ip ssh password-auth

  2. Remove the preceding “ssh-rsa ” part and format the ssh pub key like below.
    —- BEGIN SSH2 PUBLIC KEY —-
    Comment: RSA Public Key
    AAAAB3NzaC1yc2EAAAADAQABAAACAQCfH3trUGkP9bvypu2Oo1+JPX9qDmVXxb7BHbWstBsQLSADX1r+/abHD9Y1eYphULAiDNrR1URrcZNm+ORPmKwb61Z6lVsqXKwocM7GgmC0HazRww1WAHjTDntPfVhnG0v9zazBTaW6gNzszAwDge+E7yt1nqdYKmMeCI222EV9cvemDlXuhyDefLS1qHylgYhPc3sZFCK2d1cSWxBgd+kjbCt01kz3SyqrBd6Gqz5yGv0Co2PbPHk5rydze8bB04EF8bgsdHoL3PKFH2f1GVuL2EAzJq1ogJuGH2NPkkzY/J1ZtmcF9U29hFanXAcniw//tmzRar+ior1QyjgOds8hsovlPDotOs3bYZKmvPiZY9xkO0rL77n+JsonlaIbQXq8F2VsOeFJa978VnsIBMebIMx0hX+Ehv4ZeQOH/62W0Sb0fxHQlh3Lhbi3pNrsk105GVuF3f21+79HEuF0aGjh+GaSSJJ1SsiqjEirlxIPvOjnvFXX5bCq/tkCQeMMqmtr0Ip05sPyYcPYD+Zp0gKpCSwz2/zH3zs94rvjeo1emifgPDBtQRtjiQuCVRfA/I3sw+iDK4mA/P4Ntn20Y7ppyQ+eVX/fZA5RE6v1VWIPRgCm3SnJb47xfpZMb43cvyGZuae5VEM8cdRgSzualdZm4ixtlFXvdnC8SmiSpo9Hfw==
    —- END SSH2 PUBLIC KEY —-

Leave a Reply

Your email address will not be published. Required fields are marked *