TACACS+ / SSHauth

Unanswered Question
Feb 12th, 2009

Hi,

I have a Cisco MDS environment with TACACS+ user authentication.

Now I would like to script some stuff and automatically log in to the switch via SSH without a password.

How can I do that with TACACS+?

Is it still possible to use private/public SSH keys? If yes, how does this work with a Cisco switch? (Where do I put the key from my host?)

thanks for help

rgds,

Mike

inch Thu, 02/12/2009 - 12:31

Hi Mike,

You can use SSH keys on MDS'. From the top of my head (it's been a while!) it's

config# username blah sshkey your_key_here

or something similar, like I said it's been a while.

Cheers

Mike_Lowrey Fri, 02/13/2009 - 10:22

Hi,

thanks - it works with key.

However, I would still like to store this SSH key in a central place.

If I do it the "normal" way I need to create a local user on every switch and assign a key to this user. I would rather use my TACACS+ server for that. E.g. assign the pub key in the TACACS config file to a user instead of a password. Is this not possible?

rgds,

Mike

Michael Brown Fri, 02/13/2009 - 14:14

I would have to defer to a TACACS+ expert on that. The only way I know that it has ever been done is with the keys. If you want to use the TACACS+ server, as far as I know, you would need to use password authentication for the SSH login.

Thanks,

Mike
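
The per-switch approach the thread ends on (a local user with `sshkey` on every switch) can still be driven from one central key file. The following is an added example, not part of the original thread and not Cisco code: it validates OpenSSH public-key lines and renders the `username ... sshkey ...` line in the form inch gave above. The user name `backup`, the constructed sample key and the allowed user-name characters are assumptions, and the exact command form depends on the switch software release.

```python
import base64
import binascii
import re
import struct

# Assumption: a conservative user-name character set, so that a name taken
# from the central file cannot smuggle spaces or newlines into the config.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]+")

def parse_pubkey(line):
    """Return (key_type, b64_blob) from an OpenSSH public-key line, else raise ValueError."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key body is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated, edited, or is not a public key at all.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, b64

def render_config(users):
    """users: {username: pubkey_line}. Return the config lines to apply on every switch."""
    lines = []
    for user, key_line in sorted(users.items()):
        if not USERNAME_RE.fullmatch(user):
            raise ValueError(f"unsafe user name: {user!r}")
        key_type, b64 = parse_pubkey(key_line)
        # The key comment (third field) is dropped; only type and blob are emitted.
        lines.append(f"username {user} sshkey {key_type} {b64}")
    return lines

def constructed_pubkey():
    """Constructed sample key with a dummy modulus, for demonstration only."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + b"\xab" * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " backup@mgmt-host"

if __name__ == "__main__":
    print("\n".join(render_config({"backup": constructed_pubkey()})))
```
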
