TACACS+ / SSHauth

Unanswered Question
Feb 12th, 2009

Hi,


I have a Cisco MDS environment with TACACS+ user authentication.


Now I would like to script some stuff and automatically log in to the switch via SSH without a password.


How can I do that with TACACS+?

Is it still possible to use private/public SSH keys? If yes, how does this work with a Cisco switch? (Where do I put the key from my host?)


thanks for help


rgds,

Mike

inch Thu, 02/12/2009 - 12:31

Hi Mike,


You can use SSH keys on MDS. Off the top of my head (it's been a while!) it's


config# username blah sshkey your_key_here


or something similar; like I said, it's been a while.


Cheers


Mike_Lowrey Fri, 02/13/2009 - 10:22

Hi,


Thanks, it works with the key.


However, I would still like to store this SSH key in a central place.

If I do it the "normal" way I need to create a local user on every switch and assign a key to this user. I would rather use my TACACS+ server for that, e.g. assign the pub key in the TACACS config file to a user instead of a password. Is this not possible?


rgds,

Mike

Michael Brown Fri, 02/13/2009 - 14:14

I would have to defer to a TACACS+ expert on that. The only way I know that it has ever been done is with the keys. If you want to use the TACACS+ server, as far as I know, you would need to use password authentication for the SSH login.


Thanks,

Mike
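
The thread settles on a local user with an SSH key on every switch. As an added example (not from the thread or from Cisco), this Python code validates a public key line before rendering the per-switch line in the `username ... sshkey ...` form quoted above, so a private key or a tampered file never reaches a switch. The username, switch names and sample key are constructed, and the accepted key types are an assumption.

```python
import base64
import struct

# Accepted key types: an assumption for this example, not taken from the thread.
ALLOWED_TYPES = {"ssh-rsa", "ssh-dss"}

def parse_pubkey(line):
    """Validate one OpenSSH public key line; return (key_type, base64_body)."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        raise ValueError("expected '<type> <base64> [comment]' with a known type")
    key_type, body = fields[0], fields[1]
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError:
        raise ValueError("key body is not valid base64")
    # The decoded blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key body too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key body")
    return key_type, body

def render_config(user, pubkey_line):
    """Build the config line in the form quoted in the thread."""
    if not (user.isascii() and user.isalnum()):
        raise ValueError("unexpected characters in username")
    key_type, body = parse_pubkey(pubkey_line)
    # The comment field is dropped so nothing unvalidated reaches the switch.
    return "username {} sshkey {} {}".format(user, key_type, body)

def constructed_key(key_type="ssh-rsa"):
    """Constructed sample: correct framing, filler bytes, not a usable key."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + b"\x00" * 32
    return "{} {} scripts@mgmt-host".format(key_type, base64.b64encode(blob).decode())

if __name__ == "__main__":
    line = render_config("scriptuser", constructed_key())
    for switch in ("mds-a.example", "mds-b.example"):  # hypothetical names
        print(switch, "->", line)
```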
