{"id":2243,"date":"2013-06-28T10:22:52","date_gmt":"2013-06-28T09:22:52","guid":{"rendered":"http:\/\/blog.campodoro.org\/?p=2243"},"modified":"2013-06-28T10:30:42","modified_gmt":"2013-06-28T09:30:42","slug":"cisco-sg300-sg500-switch-ssh-public-key-authentication","status":"publish","type":"post","link":"https:\/\/blog.campodoro.org\/?p=2243","title":{"rendered":"Cisco SG300 \/ SG500 switch SSH Public key authentication"},"content":{"rendered":"

Argh! I wasn’t able to paste my public SSH key into the switch’s GUI (keeps on giving me a very annoying error:<\/p>\n

Invalid key string.
\nWhen a Key is entered, it should contain the “BEGIN” and “END” markers.<\/strong>”<\/p>\n

So, let’s try the CLI. I presume you already know how to handle a Cisco from the terminal.<\/p>\n

– Enable ssh-server on the switch<\/strong><\/p>\n

switchxxxxxx(config)#<\/span> ip ssh server<\/code><\/span><\/p>\n

– Enable public key authentication<\/strong><\/p>\n

switchxxxxxx(config)#<\/span> ip ssh pubkey-auth auto-login<\/code><\/span><\/p>\n

– Add a user:<\/strong><\/p>\n

switchxxxxxx(config)# username martijn password SecretPassword privilege 15<\/span><\/code><\/p>\n

– Then, add user’s public key<\/strong><\/p>\n

switchxxxxxx(config)# crypto key pubkey-chain ssh<\/span>
\nswitchxxxxxx(config-pubkey-chain)# user-key martijn rsa<\/span>
\nswitchxxxxxx(config-pubkey-key)# key-string<\/span><\/code><\/p>\n

(paste your id_rsa.pub here)<\/span><\/strong><\/p>\n

– Check if the fingerprint is correct:
\n<\/strong>
\nswitchxxxxxx# show crypto key pubkey-chain ssh<\/span><\/code><\/p>\n

Username Fingerprint
\n————– —————————————————————
\nmartijn 35:ea:60:06:fc:d7:f7:d3:3b:d1:0f:10:63:f7:0b:02<\/p>\n

Now try to ssh to your switch; no password should be asked.<\/strong><\/p>\n

\"Post<\/a> Tweet<\/a> \"Post<\/a> Post to Delicious<\/a> \"Post<\/a> Post to Facebook<\/a><\/p><\/div>","protected":false},"excerpt":{"rendered":"

Argh! I wasn’t able to paste my public SSH key into the switch’s GUI (keeps on giving me a very annoying error: “Invalid key string. When a Key is entered, it should contain the “BEGIN” and “END” markers.” So, let’s … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,187],"tags":[193,188,192,155,191,190,194,195,189],"class_list":["post-2243","post","type-post","status-publish","format-standard","hentry","category-aaaarghh","category-cisco","tag-authentication","tag-cisco-2","tag-key","tag-network","tag-public","tag-server","tag-sg300","tag-sg500","tag-ssh"],"_links":{"self":[{"href":"https:\/\/blog.campodoro.org\/index.php?rest_route=\/wp\/v2\/posts\/2243"}],"collection":[{"href":"https:\/\/blog.campodoro.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.campodoro.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.campodoro.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.campodoro.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2243"}],"version-history":[{"count":5,"href":"https:\/\/blog.campodoro.org\/index.php?rest_route=\/wp\/v2\/posts\/2243\/revisions"}],"predecessor-version":[{"id":2248,"href":"https:\/\/blog.campodoro.org\/index.php?rest_route=\/wp\/v2\/posts\/2243\/revisions\/2248"}],"wp:attachment":[{"href":"https:\/\/blog.campodoro.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.campodoro.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.campodoro.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}