Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ssh keys for Cisco CSS?

I have an ssh license for my Cisco CSS 11000 series. I was expecting to be able to generate keys, but the only ssh configuration commands that I find do not support any key generation. Will I always have to use login and password to get an ssh connection to the device?

  • Application Networking

Re: ssh keys for Cisco CSS?

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center ( or speak with a TAC engineer. You can open a TAC case online at

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

New Member

Re: ssh keys for Cisco CSS?

I have learned that CSS does not generate / expire / manage keys. Your current choices are:

1. Login via configured (local) username / password, where the password is saved in the config as a DES hash, or

2. Login via RADIUS authentication

You can configure the system to try one before the other, or only use one or the other. TACACS+ is planned for WebNS 6.0, scheduled for release in summer or Fall of Calendar Year 2002, but we are trying to pull the feature into an earlier release.

So functionally, you can get the advanced key handling via RADIUS, based on the capabilities of the RADIUS server implementation.

Of course your Cisco support representatives and product release notes will have details as new versions are released.