Cisco SG300 / SG500 switch SSH Public key authentication

Argh! I wasn’t able to paste my public SSH key into the switch’s GUI (keeps on giving me a very annoying error):

Invalid key string.
When a Key is entered, it should contain the “BEGIN” and “END” markers.

So, let’s try the CLI. I presume you already know how to handle a Cisco from the terminal.

– Enable ssh-server on the switch

switchxxxxxx(config)# ip ssh server

– Enable public key authentication

switchxxxxxx(config)# ip ssh pubkey-auth auto-login

– Add a user:

switchxxxxxx(config)# username martijn password SecretPassword privilege 15

– Then, add user’s public key

switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key martijn rsa
switchxxxxxx(config-pubkey-key)# key-string

(paste your public key here)

– Check if the fingerprint is correct:

switchxxxxxx# show crypto key pubkey-chain ssh

Username Fingerprint
-------- -----------------------------------------------
martijn  35:ea:60:06:fc:d7:f7:d3:3b:d1:0f:10:63:f7:0b:02

Now try to ssh to your switch; no password should be asked.
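
Added example, not part of the original post: Python that turns a one-line OpenSSH public key into a block with the “BEGIN” and “END” markers the error message asks for, and computes the fingerprint to compare against the `show crypto key pubkey-chain ssh` output. It assumes the markers are the RFC 4716 (SSH2) public key format and that the switch lists the MD5 of the key blob; the sample key and all function names are constructed for illustration.

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

def constructed_sample_line() -> str:
    """Constructed sample input: has the ssh-rsa layout but is NOT a usable key."""
    filler = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
    modulus = b"\x00\xff" + filler[:255]          # 2048-bit placeholder value
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " martijn@constructed-example"

def parse_openssh_pubkey(line: str):
    """Split '<type> <base64> [comment]' into (type, raw blob, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    # The blob repeats the key type; a mismatch means a truncated or mangled paste.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("key type does not match key blob")
    return parts[0], blob, parts[2] if len(parts) > 2 else ""

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 of the raw blob (assumed to be what the switch lists)."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def to_rfc4716(blob: bytes, comment: str = "RSA Public Key") -> str:
    """Wrap the blob in BEGIN/END markers, base64 body at 70 chars per line."""
    b64 = base64.b64encode(blob).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", f"Comment: {comment}",
                      *body, "---- END SSH2 PUBLIC KEY ----"])

if __name__ == "__main__":
    key_type, blob, _ = parse_openssh_pubkey(constructed_sample_line())
    print(to_rfc4716(blob))
    print("expected fingerprint on the switch:", md5_fingerprint(blob))
```

Computing the fingerprint on the workstation first gives a reference value, so a key that was truncated or altered while pasting shows up as a mismatch in the switch's listing.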

5 thoughts on “Cisco SG300 / SG500 switch SSH Public key authentication”

  1. Excellent instructions!

    In addition to doing this, (and completely optional) I also enabled password authentication just in case I needed to log in from a different location and I did not have my SSH key available.

    switch# conf t
    switch(config)# ip ssh password-auth

  2. Remove the preceding “ssh-rsa ” part and format the ssh pub key like below.
    Comment: RSA Public Key
