12-26-2008 08:11 PM - edited 03-04-2019 03:14 AM
Hi All,
I have the Cisco switch & Routers configured for SSH and it is working well.
I know how to configure SSH in router using crypto command.
A new requirement has arisen now. My organisation has created a pair of keys - PUBLIC KEY & PRIVATE KEY - common to the company using some mechanism. The idea is that the PUBLIC KEY will be installed on devices like Unix and Linux servers, so that only the staff who own the PRIVATE KEY are allowed to access the device. I am trying to add / install / import the PUBLIC KEY into the switch in a similar fashion, but I am not getting a clue how to go ahead. Please guide me on how to import the PUBLIC KEY into the switch, so that only whoever has the PRIVATE KEY is allowed to log in to the device.
R.B.KUMAR
12-27-2008 01:50 PM
Hello R.B Kumar,
The term for what you want to do is PKI = Public Key Infrastructure.
This involves the usage of certificates and CAs = Certificate Authorities.
see
see the feature
Import of RSA Key Pair and Certificates in PEM Format
But I don't know if this can be used on all devices; otherwise you may need to deploy a CA server.
Hope to help
Giuseppe
12-29-2008 08:28 AM
Hi giuslar,
Thank you for your response.
But your answer is deviating from the requirement. Let me explain again.
I do not have a CA server in place. I have created two keys, PUBLIC KEY and PRIVATE KEY, using a 3rd-party tool.
I will keep the PRIVATE KEY safe with me. I want to install the PUBLIC KEY in the switch/router,
so that only I should be able to access the switch/router even though somebody knows the username/password.
I hope you now understand the requirement and can help me better.
R.B.KUMAR
12-29-2008 12:20 PM
Hello R.B Kumar,
The second link of my previous post should be the feature that fits your needs.
It provides the option to import an RSA key using
crypto key import rsa key-label pem [usage-keys] {terminal | url url} [exportable] passphrase
see
The advice is that RSA keys have to be flagged as exportable where they are generated.
And this should allow deploying the public key on devices.
Then there is a section about private locked keys
Encrypting and Locking Private Keys on a Router
But this is different from what you want to do, because the private key is stored on the device.
You would like to use asymmetric encryption.
see
But as you can read, again CAs and certificates are involved in this second document.
Hope to help
Giuseppe