In this video, we show you how to configure Cisco IOS routers or switches to support key pair authentication
As well as username/password authentication, a Cisco IOS device can be configured so that you can log in using SSH keys
With a passphrase assigned to the private key, this follows the security model of something you have and something you know to make the process more secure
NOTE: The Cisco IOS version used in this video only supports RSA and SHA1, which is not ideal
Steps Taken
1) Create user account
conf t
username david privilege 15
end
We don't need a password for this account
2) Create a key chain for the user
conf t
ip ssh pubkey-chain
username david
key-string
We now need to paste in the public key, but how you create it depends on the OS of your computer
3) Linux
Create an SSH keypair on the computer using OpenSSH
cd .ssh
ssh-keygen -b 4096 -t rsa -f ciscolab -C "[email protected]"
Apply a passphrase to protect the private key
This will create a key pair using RSA, 4096 bits in size, named ciscolab and with a comment to help identify the owner
We now need to paste in the contents of the public key for this user
In Linux, we need to split up the lines because the output is on a single line and Cisco IOS can't accept so many characters
fold -b -w 72 ciscolab.pub
We don't need to include the algorithm details at the beginning or the comment at the end, so copy and paste the rest
Then finish the configuration
exit
end
To verify this, you can compare the hash for this key which is stored using MD5
On the Cisco device
sh run | b pubkey
On the Linux computer
ssh-keygen -l -E md5 -f ciscolab.pub
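The Linux steps above (drop the algorithm prefix and comment, wrap the key at 72 characters, compare MD5 hashes) can be scripted; this is an added example, not something shown in the video. The function names are hypothetical, the sample key is constructed filler rather than a real key, and the uppercase, colon-free hash format is an assumption about how IOS displays the key-hash line.

```shell
#!/bin/sh
# Added example (not from the video): prepare an OpenSSH .pub file for IOS.

# Print only the base64 key blob (field 2), wrapped at 72 bytes for "key-string".
ios_key_string() {
    awk 'NF >= 2 { print $2; exit }' "$1" | fold -b -w 72
}

# Print the MD5 of the decoded blob as uppercase hex without colons.
# Assumption: this is the form shown after "key-hash" in the IOS running config;
# it is the same digest that "ssh-keygen -l -E md5" prints with colons.
ios_key_hash() {
    awk 'NF >= 2 { print $2; exit }' "$1" | base64 -d | md5sum |
        awk '{ print toupper($1) }'
}

# Accept only a single-line ssh-rsa public key, so that a private key file
# picked by mistake is never pasted into a terminal session.
check_pub_file() {
    awk 'NR == 1 && $1 == "ssh-rsa" && $2 ~ "^[A-Za-z0-9+/]+=*$" { ok = 1 }
         END { exit !(ok && NR == 1) }' "$1"
}

# Constructed sample: the blob is base64 of repeated filler bytes, not a real key.
demo() {
    tmp=$(mktemp)
    blob=$(awk 'BEGIN { for (i = 0; i < 40; i++) printf "filler" }' | base64 | tr -d '\n')
    printf 'ssh-rsa %s constructed-comment\n' "$blob" > "$tmp"
    check_pub_file "$tmp" && {
        echo "Lines to paste after key-string:"
        ios_key_string "$tmp"
        echo "Hash to compare on the device: $(ios_key_hash "$tmp")"
    }
    rm -f "$tmp"
}
demo
```

With a real key, call the three functions on ciscolab.pub instead of running demo.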
To reduce latency during login, you can edit the SSH config file on the computer and specify the key, rather than letting the client try different keys until it exhausts all possibilities
At the time of recording, OpenSSH has deprecated SHA1, but that is all this Cisco IOS version supports. The SSH config file on the computer can, however, be configured to allow it
nano .ssh/config
Host *
    IdentitiesOnly yes
Host uklon01wan01
    IdentityFile "/home/david/.ssh/ciscolab"
    PubKeyAcceptedAlgorithms=ssh-rsa
4) Windows
Use PuTTYgen to create the keys, then copy and paste in the public key
Then finish the configuration
exit
end
To verify this, you can compare the hash for this key which is stored using MD5
On the Cisco device
sh run | b pubkey
On the Windows computer, use PuTTYgen and set the fingerprint to display in MD5
5) Key Authentication only
The IOS device is still accepting username/password logins but this can be changed to allow SSH keys only
conf t
ip ssh server algorithm authentication publickey
end
By only specifying publickey, all other methods are disabled
Chapters
00:00 Intro
00:38 Assumptions
01:00 User Account
02:22 Key Chain
03:25 Linux
13:29 Windows
19:48 Key Authentication Only
Cisco IOS SSH Key Authentication
This video was added by user Tech Tutorials - David McKone on 01 September 2022.