Cisco SG300 / SG500 switch SSH Public key authentication

Argh! I wasn’t able to paste my public SSH key into the switch’s GUI (it keeps on giving me a very annoying error):

Invalid key string.
When a Key is entered, it should contain the “BEGIN” and “END” markers.

So, let’s try the CLI. I presume you already know how to handle a Cisco from the terminal.

– Enable ssh-server on the switch

switchxxxxxx(config)# ip ssh server

– Enable public key authentication

switchxxxxxx(config)# ip ssh pubkey-auth auto-login

– Add a user:

switchxxxxxx(config)# username martijn password SecretPassword privilege 15

– Then, add user’s public key

switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key martijn rsa
switchxxxxxx(config-pubkey-key)# key-string

(paste your id_rsa.pub here)

– Check if the fingerprint is correct:

switchxxxxxx# show crypto key pubkey-chain ssh

Username   Fingerprint
--------   -----------------------------------------------
martijn    35:ea:60:06:fc:d7:f7:d3:3b:d1:0f:10:63:f7:0b:02

Now try to ssh to your switch; no password should be asked.
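
To make the fingerprint check above more than an eyeball comparison, the following added example (not from the original post) computes the fingerprint of a local public key and compares it with the switch output. It assumes the switch prints the colon-separated MD5 fingerprint of the key blob, as the 16-byte format suggests; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

FP_LINE = re.compile(r"^(\S+)\s+((?:[0-9a-f]{2}:){15}[0-9a-f]{2})$", re.I)


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def md5_fingerprint(pubkey_line: str) -> str:
    """Colon-separated MD5 fingerprint of a '<type> <base64> [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob embeds its own type name; a mismatch means a mangled paste.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def switch_fingerprints(show_output: str) -> dict:
    """Map username -> fingerprint from 'show crypto key pubkey-chain ssh'."""
    rows = (FP_LINE.match(line.strip()) for line in show_output.splitlines())
    return {m.group(1): m.group(2).lower() for m in rows if m}


def key_matches(pubkey_line: str, show_output: str, user: str) -> bool:
    """True only if the switch lists exactly this key for the user."""
    return switch_fingerprints(show_output).get(user) == md5_fingerprint(pubkey_line)


# Constructed sample key (not a usable key): type, exponent 65537, dummy modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(bytes(range(1, 129))))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " martijn@example"
# Switch output as shown on the page; that fingerprint is the author's key.
PAGE_OUTPUT = "martijn 35:ea:60:06:fc:d7:f7:d3:3b:d1:0f:10:63:f7:0b:02"

if __name__ == "__main__":
    print("local :", md5_fingerprint(SAMPLE_PUB))
    print("match :", key_matches(SAMPLE_PUB, PAGE_OUTPUT, "martijn"))
```

On a workstation with a recent OpenSSH, `ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub` prints the same MD5 form for a real key.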