
TACACS+ / SSHauth

Mike_Lowrey
Level 1

Hi,

I have a Cisco MDS environment with TACACS+ user authentication.

Now I would like to script some stuff and automatically log in to the switch via SSH without a password.

How can I do that with TACACS+?

Is it still possible to use private/public SSH keys? If yes - how does this work with a Cisco switch? (Where do I put the key from my host?)

Thanks for the help.

rgds,

Mike

4 Replies

inch
Level 3

Hi Mike,

You can use SSH keys on MDSs. Off the top of my head (it's been a while!) it's

config# username blah sshkey your_key_here

or something similar, like I said it's been a while.

Cheers

Check this link out, specifically page 3-19 for instructions on how to set up the SSH user for pre-shared key access.

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_3_x/cookbook/MDScookbook31a.pdf

Hope this helps,

Mike

Hi,

Thanks - it works with the key.

However, I would still like to store this SSH key in a central place.

If I do it the "normal" way I need to create a local user on every switch and assign a key to this user. I would rather use my TACACS+ server for that, e.g. assign the pub key in the TACACS+ config file to a user instead of a password. Is this not possible?

rgds,

Mike

I would have to defer to a TACACS+ expert on that. The only way I know that it has ever been done is with the keys. If you want to use the TACACS+ server, as far as I know, you would need to use password authentication for the SSH login.

Thanks,

Mike
