Cisco IOS 15 ssh key auth

The scripts I have show for Cisco and telnet devices are only a workaround to get remote access to a device that is not capable of SSH key authentication.

Now I got hold of a Cisco device with IOS 15. One of the first things I tests is key authenticate with SSH.  I am quite surprised how easy this worked out.

First I generated key-pair on my Linux machine:

ssh-keygen -t rsa -b 2048

Now two files are created: id_rsa and

After enabeling SSH on your  router:

hostname name
ip domain-name my-very-cool-domain.local
crypto key generate rsa
! define local usernames, use passwords or secrets
username user1 secret password1
username user2 secret password2
username remote secret MySecretEntryPassword
ip ssh version 2
line vty 0 4
 login local

You have to get the content of your file into the router. The easiest way is copy past:

Router007#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router007(config)#ip ssh pubkey-chain
Router007(conf-ssh-pubkey)#username remote
Router007(conf-ssh-pubkey-data)#$I8UwX4eGzrx1BJdV6Jx ubuntu@ubuntuvb  

… double check the routers configuration on the device:

R2#show run | section ssh
ip ssh rsa keypair-name SSH
ip ssh version 2
ip ssh pubkey-chain
 username remote
  key-hash ssh-rsa 5E45279F394346903BF35E120784CAFE ubuntu@ubuntuvb

Now just try to access your machine via SSH and key auth.
If you use the same machine as the key was generated with the same user its pretty simple: ssh remote@my-router and you are in.
If you wanna use Windows you might need to look for putty and the puttygen.

Leave a Reply

Your email address will not be published. Required fields are marked *