Feb 12th, 2009

I have a Cisco MDS environment with TACACS+ user authentication.

Now I would like to script some stuff and automatically log in to the switch via SSH without a password.

How can I do that with TACACS+?

Is it still possible to use private/public SSH keys? If yes - how does this work with a Cisco switch? (Where do I put the key from my host?)

Thanks for the help

inch Thu, 02/12/2009 - 12:31

Hi Mike,

You can use SSH keys on MDSs. Off the top of my head (it's been a while!) it's

config# username blah sshkey your_key_here

or something similar; like I said, it's been a while.


Mike_Lowrey Fri, 02/13/2009 - 10:22

Thanks - it works with the key.

However, I would still like to store this SSH key in a central place.

If I do it the "normal" way I need to create a local user on every switch and assign a key to this user. I would rather use my TACACS+ server for that, e.g. assign the public key in the TACACS+ config file to a user instead of a password. Is this not possible?



Michael Brown (Cisco Employee) Fri, 02/13/2009 - 14:14

I would have to defer to a TACACS+ expert on that. The only way I know that it has ever been done is with the keys. If you want to use the TACACS+ server, as far as I know, you would need to use password authentication for the SSH login.
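
Added example, not part of the thread and not Cisco's code: since the thread ends with a local user and key on every switch, this Python sketch keeps the public key in one file on the management host, checks it, and renders the same config line for each switch. The `username ... sshkey` form is taken from inch's recollection above and is an assumption; the user name `backup` and the sample key are constructed.

```python
import base64, binascii, hashlib, re, struct

def ssh_string(data):
    """Length-prefixed byte string as used inside SSH key blobs (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: correct ssh-rsa wire layout, filler numbers, not a usable key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 32))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " script@mgmt-host"

def parse_pubkey(line):
    """Return (key_type, blob) from '<type> <base64> [comment]' or raise ValueError."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, body = fields[0], fields[1]
    try:
        blob = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("key body is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob repeats the key type; a mismatch means a damaged or edited line.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key body")
    return key_type, blob

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh-keygen -l prints, for the change record."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def render_config(user, pubkey_line):
    """Build the config line; the key comment and anything after it is dropped."""
    # Conservative username charset chosen for this example, not a switch limit.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", user):
        raise ValueError("unexpected character in username")
    key_type, blob = parse_pubkey(pubkey_line)
    # Command form assumed from the answer above; verify it on your release.
    return f"username {user} sshkey {key_type} {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    print(render_config("backup", SAMPLE_LINE))
    print(fingerprint(SAMPLE_BLOB))
```

Re-encoding the decoded blob and dropping the comment means only the key type and key body ever reach the switch configuration, whatever else the key file contains.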
