02-12-2009 06:00 AM
Hi,
I have a Cisco MDS environment with TACACS+ user authentication.
Now I would like to script some stuff and automatically log in to the switch via SSH without a password.
How can I do that with TACACS+?
Is it still possible to use private/public SSH keys? If yes - how does this work with a Cisco switch? (Where do I put the key from my host?)
Thanks for the help
rgds,
Mike
02-12-2009 12:31 PM
Hi Mike,
You can use SSH keys on MDSs. Off the top of my head (it's been a while!) it's
config# username blah sshkey your_key_here
or something similar, like I said it's been a while.
Cheers
02-13-2009 03:12 AM
Check this link out, specifically page 3-19 for instructions on how to set up the SSH user for pre-shared key access.
http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_3_x/cookbook/MDScookbook31a.pdf
Hope this helps,
Mike
02-13-2009 10:22 AM
Hi,
Thanks - it works with the key.
However I still would like to store this sshkey on a central place.
If I do it the "normal" way I need to create a local user on every switch and assign a key to this user. I would rather use my TACACS+ server for that. E.g. assign the pub key in the TACACS+ config file to a user instead of a password. Is this not possible?
rgds,
Mike
02-13-2009 02:14 PM
I would have to defer to a TACACS+ expert on that. The only way I know that it has ever been done is with the keys. If you want to use the TACACS+ server, as far as I know, you would need to use password authentication for the SSH login.
Thanks,
Mike
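An added example, not part of any post in this thread: since the local-key approach means pushing the same public key to every switch, this Python sketch checks that an OpenSSH public key line is well formed before rendering the config line. It assumes the `username <user> sshkey <key>` form recalled in the 02-12-2009 reply (not verified here against a specific release); the function names, the allowed key type and the username rule are hypothetical choices.

```python
import base64
import binascii
import struct

ALLOWED_TYPES = {"ssh-rsa"}  # assumption: adjust to the key types your release accepts


def parse_pubkey(line):
    """Return (key_type, base64_blob) for one OpenSSH public key line, or raise ValueError."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    if key_type not in ALLOWED_TYPES:
        raise ValueError("key type not allowed: " + key_type)
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("bad base64 in key: %s" % exc)
    # The blob starts with a length-prefixed copy of the key type (RFC 4253, section 6.6).
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type inside blob does not match the declared type")
    return key_type, b64


def sshkey_command(username, pubkey_line):
    """Render the config line in the form quoted in the thread; the comment field is dropped."""
    if not username.isalnum():  # hypothetical rule: keeps stray text out of the config line
        raise ValueError("unexpected characters in username")
    key_type, b64 = parse_pubkey(pubkey_line)
    return "username %s sshkey %s %s" % (username, key_type, b64)


def _constructed_key(key_type="ssh-rsa", comment="script@host"):
    """Build a structurally valid but meaningless key line (constructed sample data)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = s(key_type.encode()) + s(b"\x01\x00\x01") + s(b"\x00" + b"\xab" * 16)
    return "%s %s %s" % (key_type, base64.b64encode(blob).decode(), comment)


if __name__ == "__main__":
    print(sshkey_command("scriptuser", _constructed_key()))
```

Only the public half of the key pair goes into the switch configuration; the private key stays on the scripting host.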