Cisco IOS 15 ssh key auth

The scripts I have shown for Cisco and telnet devices are only a workaround to get remote access to a device that is not capable of SSH key authentication.

Now I got hold of a Cisco device with IOS 15. One of the first things I tested was key authentication with SSH. I am quite surprised how easily this worked out.

First I generated a key pair on my Linux machine:

ssh-keygen -t rsa -b 2048

Now two files are created: id_rsa and id_rsa.pub

After enabling SSH on your router:

hostname name
!
ip domain-name my-very-cool-domain.local
!
crypto key generate rsa
!
! define local usernames, use passwords or secrets
!
username user1 secret password1
username user2 secret password2
username remote secret MySecretEntryPassword
!
ip ssh version 2
!
line vty 0 4
 login local

You have to get the content of your id_rsa.pub file into the router. The easiest way is copy and paste:

Router007#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router007(config)#ip ssh pubkey-chain
Router007(conf-ssh-pubkey)#username remote
Router007(conf-ssh-pubkey-user)#key-string
Router007(conf-ssh-pubkey-user)#key-string    
Router007(conf-ssh-pubkey-data)#$P/QSyXaXNG8l/dcgv+r0SgkCOqQrr        
Router007(conf-ssh-pubkey-data)#$0jMQpH1NI0+n1RXCqrA82KoxY5s5v        
Router007(conf-ssh-pubkey-data)#$JW2Y446BJdfCY4LKZQEquXCftXJwQ        
Router007(conf-ssh-pubkey-data)#$EeNG1zGZ7+OniY09JvifX8+G++1/W        
Router007(conf-ssh-pubkey-data)#$I8UwX4eGzrx1BJdV6Jx ubuntu@ubuntuvb  
Router007(conf-ssh-pubkey-data)#exit
Router007(conf-ssh-pubkey-user)#end

… double check the router's configuration on the device:

R2#show run | section ssh
ip ssh rsa keypair-name SSH
ip ssh version 2
ip ssh pubkey-chain
 username remote
  key-hash ssh-rsa 5E45279F394346903BF35E120784CAFE ubuntu@ubuntuvb
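
The paste and the key-hash check above can be scripted on the Linux side. This is an added example, not part of the original post: it wraps the public key into short lines for key-string and computes the MD5 key-hash that show run should display for that key. The function names and the 72-byte width are assumptions, and the sample key is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# ios_key_hash FILE: MD5 of the base64-decoded key blob, uppercase hex without
# colons, the form IOS prints after "key-hash ssh-rsa".
ios_key_hash() {
    awk '{print $2; exit}' "$1" | base64 -d | md5sum | awk '{print toupper($1)}'
}

# ios_key_lines FILE: the public key line wrapped to 72 bytes per line.
# Assumption: 72 keeps each pasted line below the IOS command-line limit.
ios_key_lines() {
    fold -b -w 72 "$1"
}

# ios_pubkey_config USER FILE: the commands to paste in configuration mode.
ios_pubkey_config() {
    printf 'ip ssh pubkey-chain\nusername %s\nkey-string\n' "$1"
    ios_key_lines "$2"
    printf 'exit\nend\n'
}

# verify_key_hash FILE LINE: succeeds only if the "key-hash" line copied from
# "show run | section ssh" matches the local public key.
verify_key_hash() (
    shown=$(printf '%s\n' "$2" | awk '$1 == "key-hash" {print toupper($3)}')
    [ -n "$shown" ] && [ "$shown" = "$(ios_key_hash "$1")" ]
)

# Constructed sample: 279 zero bytes stand in for a 2048-bit RSA key blob.
SAMPLE=$(mktemp)
printf 'ssh-rsa %s demo@constructed\n' \
    "$(head -c 279 /dev/zero | base64 | tr -d '\n')" > "$SAMPLE"

ios_pubkey_config remote "$SAMPLE"
echo "key-hash to expect in show run: $(ios_key_hash "$SAMPLE")"
```

With a real key, pass ~/.ssh/id_rsa.pub instead of the sample file; a mismatch from verify_key_hash means the router trusts a different key than the one on disk.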

Now just try to access your machine via SSH with key authentication.
If you use the same machine and the same user that generated the key, it's pretty simple: ssh remote@my-router and you are in.
If you want to use Windows, you might need to look for PuTTY and PuTTYgen.
