
TACACS+ / SSHauth

Mike_Lowrey
Level 1

Hi,

I have a Cisco MDS environment with TACACS+ user authentication.

Now I would like to script some stuff and automatically log in to the switch via SSH without a password.

How can I do that with TACACS+?

Is it still possible to use private/public SSH keys? If yes - how does this work with a Cisco switch? (Where do I put the key from my host?)

Thanks for the help

rgds,

Mike

4 Replies

inch
Level 3

Hi Mike,

You can use SSH keys on MDS. Off the top of my head (it's been a while!) it's

config# username blah sshkey your_key_here

or something similar, like I said it's been a while.

Cheers

Check this link out, specifically page 3-19 for instructions on how to set up the SSH user for pre-shared key access.

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_3_x/cookbook/MDScookbook31a.pdf

Hope this helps,

Mike

Hi,

Thanks - it works with the key.

However, I would still like to store this SSH key in a central place.

If I do it the "normal" way I need to create a local user on every switch and assign a key to this user. I would rather use my TACACS+ server for that, e.g. assign the pub key in the TACACS+ config file to a user instead of a password. Is this not possible?

rgds,

Mike

I would have to defer to a TACACS+ expert on that. The only way I know that it has ever been done is with the keys. If you want to use the TACACS+ server, as far as I know, you would need to use password authentication for the SSH login.

Thanks,

Mike