Argh! I wasn’t able to paste my public SSH key into the switch’s GUI (keeps on giving me a very annoying error:
“Invalid key string.
When a Key is entered, it should contain the “BEGIN” and “END” markers.”
So, let’s try the CLI. I presume you already know how to handle a Cisco from the terminal.
– Enable ssh-server on the switch
switchxxxxxx(config)# ip ssh server
– Enable public key authentication
switchxxxxxx(config)# ip ssh pubkey-auth auto-login
– Add a user:
switchxxxxxx(config)# username martijn password SecretPassword privilege 15
– Then, add user’s public key
switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key martijn rsa
switchxxxxxx(config-pubkey-key)# key-string
(paste your id_rsa.pub here)
– Check if the fingerprint is correct:
switchxxxxxx# show crypto key pubkey-chain ssh
Username Fingerprint
————– —————————————————————
martijn 35:ea:60:06:fc:d7:f7:d3:3b:d1:0f:10:63:f7:0b:02
Now try to ssh to your switch; no password should be asked.
This is a very good article on SSH login without password. Here is another one that worked for me when I first started doing this. It’s very simple, concise and easy to understand. http://tinyurl.com/m9ztegw
Excellent instructions!
In addition to doing this, (and completely optional) I also enabled password authentication just in case I needed to log in from a different location and I did not have my SSH key available.
switch# conf t
switch# ip ssh password-auth
Enabling password auth is a very very bad idea.
Remove the preceding “ssh-rsa ” part and format the ssh pub key like below.
—- BEGIN SSH2 PUBLIC KEY —-
Comment: RSA Public Key
AAAAB3NzaC1yc2EAAAADAQABAAACAQCfH3trUGkP9bvypu2Oo1+JPX9qDmVXxb7BHbWstBsQLSADX1r+/abHD9Y1eYphULAiDNrR1URrcZNm+ORPmKwb61Z6lVsqXKwocM7GgmC0HazRww1WAHjTDntPfVhnG0v9zazBTaW6gNzszAwDge+E7yt1nqdYKmMeCI222EV9cvemDlXuhyDefLS1qHylgYhPc3sZFCK2d1cSWxBgd+kjbCt01kz3SyqrBd6Gqz5yGv0Co2PbPHk5rydze8bB04EF8bgsdHoL3PKFH2f1GVuL2EAzJq1ogJuGH2NPkkzY/J1ZtmcF9U29hFanXAcniw//tmzRar+ior1QyjgOds8hsovlPDotOs3bYZKmvPiZY9xkO0rL77n+JsonlaIbQXq8F2VsOeFJa978VnsIBMebIMx0hX+Ehv4ZeQOH/62W0Sb0fxHQlh3Lhbi3pNrsk105GVuF3f21+79HEuF0aGjh+GaSSJJ1SsiqjEirlxIPvOjnvFXX5bCq/tkCQeMMqmtr0Ip05sPyYcPYD+Zp0gKpCSwz2/zH3zs94rvjeo1emifgPDBtQRtjiQuCVRfA/I3sw+iDK4mA/P4Ntn20Y7ppyQ+eVX/fZA5RE6v1VWIPRgCm3SnJb47xfpZMb43cvyGZuae5VEM8cdRgSzualdZm4ixtlFXvdnC8SmiSpo9Hfw==
—- END SSH2 PUBLIC KEY —-
When using the web-GUI…