Users Guide

292 Authentication, Authorization, and Accounting
This configuration requires entering a public key, which can be generated by a
tool such as PuTTYgen. Be sure to generate the correct type of key. In this
case, we use an RSA key with the SSH-2 version of the protocol.
Switch Configuration
1. Create a switch administrator:
console#config
console(config)#username "admin" password f4d77eb781360c5711ecf3700a7af623 privilege 15 encrypted
2. Set the login and enable methods for line to NOAUTH.
console(config)#aaa authentication login "NOAUTH" line
console(config)#aaa authentication enable "NOAUTH" line
3. Generate an internal RSA key. This step is not required if an internal RSA
key has already been generated on this switch:
console(config)#crypto key generate rsa
4. Set SSH to use a public key for the specified administrator login. The user
login is specified by the username command, not the ias-user command:
console(config)#crypto key pubkey-chain ssh user-key "admin" rsa
5. Enter the public key obtained from a key authority or from a tool such as
PuTTYgen. This command is entered as a single line, not as multiple lines
as it appears in the following text.
console(config-pubkey-key)#key-string row
AAAAB3NzaC1yc2EAAAABJQAAAIBor6DPjYDpSy8Qcji68xrS/4Lf8c9Jq4xXKI
Z5Pvv20AkRFE0ifVI9EH4jyZagR3wzH5Xl9dyjA6bTuqMgN15C1xJC1l59FU88
JaY7ywGdRppmoaJrNRPM7RZtQPaDVIunzm3eMr9PywwQ0umsHWGNexUrDYHFWR
IAmJp689AAxw==
console(config)#exit
6. Set the line method to SSH:
console(config)#line ssh
7. Configure the authentication method to the networkList. The networkList
contains a single method — local — which is equivalent to password
authentication. Since the authentication is provided by the public key, a
second layer of authentication is not required:
console(config-ssh)#login authentication networkList
console(config-ssh)#exit
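
A pre-check for the key type and single-line requirements in the procedure above, added here as an example that is not part of the original guide: it takes a public key in wrapped SSH2 file format (as saved by a tool such as PuTTYgen) or in OpenSSH one-line form, confirms it is an RSA key, and returns the base64 text joined into one line for key-string. The function names and the sample key are constructed for illustration.

```python
import base64
import struct

def _field(blob, off):
    """Read one SSH wire field: uint32 big-endian length, then that many bytes."""
    end = off + 4
    if end > len(blob):
        raise ValueError("truncated key blob")
    end += struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def check_rsa_pubkey(text):
    """Return (single-line base64, modulus bits); raise ValueError if not RSA."""
    tokens = []
    for line in text.splitlines():
        words = line.split()
        # Skip blank lines, '---- BEGIN/END ...' markers and 'Comment:' headers.
        if not words or words[0].startswith("----") or words[0].endswith(":"):
            continue
        tokens.extend(words)
    if not tokens:
        raise ValueError("no key data found")
    # OpenSSH form is '<type> <base64> [comment]'; base64 never contains '-'.
    b64 = "".join(tokens[1:2]) if "-" in tokens[0] else "".join(tokens)
    blob = base64.b64decode(b64, validate=True)
    key_type, off = _field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an RSA key: " + key_type.decode("ascii", "replace"))
    _exponent, off = _field(blob, off)
    modulus, off = _field(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    return b64, int.from_bytes(modulus, "big").bit_length()

def constructed_key(key_type, modulus):
    """Build a syntactically valid blob for the demo (constructed, not a real key)."""
    fields = [key_type, b"\x25", modulus]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return base64.b64encode(blob).decode("ascii")

if __name__ == "__main__":
    b64 = constructed_key(b"ssh-rsa", b"\x00" + b"\xc3" * 256)
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    rfc4716 = ("---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"constructed\"\n"
               + wrapped + "\n---- END SSH2 PUBLIC KEY ----")
    line, bits = check_rsa_pubkey(rfc4716)
    print(bits, "bit RSA key; paste as one line:")
    print(line)
```

A key of another type, or one truncated while copying, raises ValueError before anything is pasted into the switch.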