Public Key authentication on Cisco IOS

I rely on SSH pretty heavily, be it for remotely managing a hanful of Linux systems or connecting to Cisco routers. I do this from my laptop and more recently – my phone. Rather than type passwords all the time (which can be tricky on on-screen keyboards) I decided to setup public key authentication for the Cisco routers I use.

Cisco IOS has supported public key authentication (for RSA keys only) since IOS 15. If you don’t already have a public/private RSA key-pair you can use PuttyGen (free, open-source) to generate them. If you’re a Linux user you can use the “ssh-keygen” command.

To set up RSA public key authentication, enter global configuration mode and issue the “ip ssh pubkey-chain” command. Then specify the username you want to provide a key for:

Router(config)#ip ssh pubkey-chain
Router(conf-ssh-pubkey)#username admin
Router(conf-ssh-pubkey-user)#key-string

Now, paste the data part of your public key (highlighted in red below).

ssh-rsa AAAAB.....aaa== rsa-key-20130820

Continue reading Public Key authentication on Cisco IOS