Cisco SG300 / SG500 switch SSH Public key authentication

Argh! I wasn’t able to paste my public SSH key into the switch’s GUI (it keeps on giving me a very annoying error):

Invalid key string.
When a Key is entered, it should contain the “BEGIN” and “END” markers.

So, let’s try the CLI. I presume you already know how to handle a Cisco from the terminal.

– Enable ssh-server on the switch

switchxxxxxx(config)# ip ssh server

– Enable public key authentication

switchxxxxxx(config)# ip ssh pubkey-auth auto-login

– Add a user:

switchxxxxxx(config)# username martijn password SecretPassword privilege 15

– Then, add user’s public key

switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key martijn rsa
switchxxxxxx(config-pubkey-key)# key-string

(paste your id_rsa.pub here)

– Check if the fingerprint is correct:

switchxxxxxx# show crypto key pubkey-chain ssh

Username   Fingerprint
---------- -----------------------------------------------
martijn    35:ea:60:06:fc:d7:f7:d3:3b:d1:0f:10:63:f7:0b:02

Now try to ssh to your switch; no password should be asked.
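
To compare against the fingerprint check above from the workstation side, this added example (not part of the original post) computes the colon-separated MD5 fingerprint of an id_rsa.pub line and re-wraps the key between BEGIN/END markers in RFC 4716 style, the layout `ssh-keygen -e` emits. Assumptions: the switch's listing is the MD5 of the decoded key blob, the GUI error refers to RFC 4716 markers, and the sample key is constructed filler, not a real key.

```python
import base64
import hashlib
import struct


def parse_openssh_pubkey(line):
    """Split an id_rsa.pub style line into (key type, decoded key blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a
    # mismatch means the line was truncated or mangled while pasting.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    return key_type, blob


def md5_fingerprint(line):
    """Colon-separated MD5 of the key blob (16 bytes, as the switch lists)."""
    _, blob = parse_openssh_pubkey(line)
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def to_rfc4716(line):
    """Wrap the key between BEGIN/END markers, 70 base64 chars per line."""
    _, blob = parse_openssh_pubkey(line)
    b64 = base64.b64encode(blob).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", *body,
                      "---- END SSH2 PUBLIC KEY ----"])


def _ssh_string(data):
    return struct.pack(">I", len(data)) + data


# Constructed sample: correct wire layout, but the modulus is filler bytes,
# not a usable RSA key. Substitute the contents of your own id_rsa.pub.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(128, 256)) * 2))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " martijn@example"

if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_LINE))
    print(to_rfc4716(SAMPLE_LINE))
```

With OpenSSH installed, `ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub` prints the same fingerprint format for a real key.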

Windows 2008 R2 Server & Windows 7 Pro: Unidentified network unchangeable

After installing Windows 2008 R2 inside VMware, I changed the network driver from E1000 to VMXNET3. No problem, Windows 2008 R2 recognized the new adapters after a reboot. I only had to change the DHCP IP address to a fixed IP. And then the problems started: apparently Windows 2008 (or Windows 7) won’t let you change the network location as soon as it has put the network in the ‘Unidentified network’ category. Trying ‘to fix’ this problem using the Windows ‘Diagnose’ tool just removed the fixed IP address and put it back on DHCP (and strangely, now the network category is Public).

This, of course, sucks.

However, this little trick should work:

1. Start –> run –> MMC –> press enter

2. In the MMC console, from the File menu select Add/Remove Snap-in

3. Select Group Policy Object Editor –> Press Add –> select Local computer –> press OK –> press OK

4. Open Computer Configuration –> Windows Settings –> Security Settings –> select Network List Manager Policies

5. Double click –>Unidentified networks

Then you can select the option to consider the Unidentified networks as private.

This worked for me!